Information Security: the heart of the paper-to-digital journey14th September 2017

Agenda

13.00 - 13.05 Preparing for GDPR (video)Information Commissioner's Office

13.05 - 13.35 GDPR: What to expect,Martin Fletcher, National Archives

13.35 - 13.50 Paper to Digital Transformation Jonathan Elliott, Xerox

13.50 - 14.00 Break

14.00 - 15.00 The challenges of digital transformationRoundtable

15.00 - 17.00 Information village

Preparing for GDPRInformation Commissioner’s Office – video

To watch the ICO video shown on the day, please click here to view it on YouTube

ICO video

4

© Crown Copyright 2017

GDPR for IAOs

Martin Fletcher – The National

Archives

© Crown Copyright 2017

© Crown Copyright 20176

Key relationships

© Crown Copyright 20177

Part 2 - The Public Good

• Preparing for GDPR

• Activity

o Sharing information

o Collecting information

o Publishing information

© Colin 2012

© Crown Copyright 20178

Data Protection and Information Management

• along with protecting personal data

GDPR provides a framework for good

information management

• the data protection principles can be

used for all corporate data in order to

keep it secure

• the principles can also act as an

enabler, for example making it easier

to find data in response to a Freedom

of Information request

© ico

© Crown Copyright 2017

General Data Protection Regulation (GDPR)

replaces the Data Protection

Act on 25th May 2018

refreshes data protection

principles

imposes a duty on

organisations to report

certain types of breach

© Crown Copyright 201710

Data Protection Principles

• lawfulness, fairness and transparency

• collected for specific purposes

• adequate, relevant and not excessive

• accuracy

• storage limitation

• integrity and confidentiality

• accountability

© Bartyzel 2014

© Crown Copyright 201711

• Ensure that explicit and valid

consent is gained to collect

and process data, where this is

the condition for processing

being relied upon

• change in the status of

contractors/data processors

• breach reporting within 72

hours

Key Considerations

© Crown Copyright 201712

• awareness: make sure you and your staff are aware that the law is changing, and

the impact this is likely to have

• information: find out what personal data you hold, where it came from and who

you share it with

• individuals rights: check your current working practices to ensure they comply

with the rights of data subjects

• legal basis: look at the types of processing you carry out, identify your legal basis

for doing this and document it

• breaches: make sure your staff are aware of the procedures to detect and report

data breaches

Five things IAOs should know

© Crown Copyright 201713

© Crown Copyright 201714

The Bee-Keeping licencing agency holds a large amount of physical records from the first

half of the 20th century relating to historical applications for bee keeping licenses. In order

to make it easier for bee keeping clubs to trace their histories the agency has decided to

digitise these records and make them available through an online portal. The agency

does not have the in house capacity to digitise such a large amount of records; therefore

it is considering hiring a data processor outside the EU to complete the task on its behalf.

Before any information gets sent over, discuss as a group:

What questions do we need to ask ourselves regarding the data?

What questions do we need to ask the data processor?

Activity: Exploiting Information Effectively

© Crown Copyright 201715

Further Support

• ICO Data Protection Reform website

https://ico.org.uk/for-organisations/data-protection-reform/

• GDPR Overview

https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/introduction/

• 12 steps to prepare for GDPR

https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf

Paper to Digital TransformationJonathan Elliott

17 September 15, 2017

Service Transformation Principles

• Integrated document workflows

• Paper to Digital Transformation

• Multi-channel Communications

• Smarter technology

• Shared Services

• Consolidate suppliers

TransformationalDo things differently

TransitionalDo the same with less resources

Degre

e o

f C

ha

nge

Ma

na

ge

me

nt

TransactionalPay less for the same resource

Business Benefit

Patient /

Citizen

Xerox Services for Public Sector to support the Paper to Digital journey

To view the Worcestershire video shown on the day, please click hereto view it on YouTube

Digitising Paper Records

19September 15, 2017

September 15, 2017 Xerox Internal Use Only20

Innovation - Services Road Map

Multi Channel Communications

VALUE

TCO

Hybrid Mail

Cost / Efficiency

Q1

OptimisationTransformation Transition

Service Start

Value Chain

• Hybrid Mail to reduce need for printers deliver postage

and admin savings

• De-risk take on existing vendor

• Manage existing contracts

• Rationalise & refresh MFD fleet

• Implement follow you to reduce print volume

• Implement Xerox additional onsite fleet support

service

• Deliver Proactive Support

Aspirations

• Implement Records solutions

• Implement improved workflow to streamline processes

using digital records

• Implement data analytics to use information in digital

records to drive planning decisions and better outcomes

• Realise multi-channel communication benefits by signing

up citizens to digital services.

• Introduce Robotic Process Automation and AI to speed up

decision making and reduce admin tasks.

Value Chain

• Transition external print from externals to Xerox

• Introduce DR and load balancing via Xerox print network

• Introduce Xerox commercial print sourcing service to lower

costs

• Provide ad-hoc scanning service though fleet

• Introduce Hybrid mail for outbound correspondence

• Introduce digital mailroom to close the loop on all

correspondence

• Digitise health records across all sites

• Implement Scanning workflow on MFDs for day forward

capture

Q2 Q3 Q4 Year 2 Year 3 Year 4 Year 5+

External Print

Creative Services

Digital Communications

Digital Mailroom

RPA

User

experience

Document Assessments

Digital Asset Management

Digital Records

Data Analytics

Document Workflow

EDRMS

MPS

AI

21 September 15, 2017

• A service transformation mind-set can drive real and measurable change

• Our services focus on service improvement and cost reduction but critically support your journey to being GDPR compliant

• New frameworks facilitate this journey of change

• A roadmap for the paper to digital journey is important

• Stepped approach is sensible

• Long term strategic partnerships underpin success in this market

• Xerox is continuing to invest and innovate our services to meet dynamic needs of the Public Sector

Closing remarks

Roundtable

September 15, 2017 Xerox Internal Use Only23

Which word springs to mind most with regards to GDPR?

© 2017 Xerox Corporation. All rights reserved. Xerox® and Xerox and Design® are trademarks of Xerox Corporation in the United States and/or other countries. 12/16 MPSPA-18EB