Key Locks - Not GDPR Compatible
Why Key Locks Are Not GDPR Compatible
Under the GDPR, data controllers must implement a system to protect physical data, such as paper files and physical media, against:
1. Accidental or unlawful destruction
2. Accidental loss
3. Unauthorised disclosure or access
However, it is important to note that the system must also provide a record of when data is accessed and by whom. For compliance with the access management aspects of the GDPR, the system used must be demonstrably restrictive and hierarchical.
This compliance goal of the GDPR clearly can't be achieved if physical keys are being used to control access to data cabinets, filing cabinets, etc. Even if it were possible to track the use of physical keys, keeping unencrypted logs or paper records of who uses these keys is completely impractical and prone to inaccuracy and manipulation, not to mention the fact that the access logs themselves would become a GDPR issue.
There are of course a number of other very obvious dangers in using mechanical key locks in a physical GDPR role that the safe and vault community have been aware of for a number of years.
Accessing mechanical lock systems by non-invasive combination lock manipulation or lock picking has become so popular that there are now lock picking hobby groups in most countries in the world. This hobby is commonly referred to as Locksport. Tools and instructions on lock picking are freely available on the internet and the activity is growing and quite widespread.
Of the two common mechanical lock types (the key lock and the combination lock), the key lock is obviously the more easily bypassed. A mechanical key, being just a shaped piece of metal, can be very easily copied, even from a photograph, and copies of keys can be created more easily than ever, with the use of 3D printing for example.
When it comes to mechanical combination locks, the story is a similar one. Combination locks work by rotating a series of wheels, called "wheel packs", each with a gap cut into it, so that the gaps line up and allow a mechanical lever attachment known as a "fence" to drop into them and operate the lock. Locksport enthusiasts all over the world constantly exchange knowledge and techniques for defeating both antiquated locking methods.
All in all, it's safe to say that for secure applications the mechanical key, or mechanical combination lock, has been unfit for purpose for many years now.
Time For A Practical Solution To Physical GDPR Compliance
Responding to an obvious GDPR demand, the new Sargent & Greenleaf GDPR audit lock tracks access to burglary-resistant safes, cabinets or filing cabinets by identity, date, time and code, automatically.
Audit logs can be easily downloaded and viewed by the data controller via an inbuilt USB download facility, but the log will automatically erase after 1000 entries, completely compliant with the limited data retention aspect of the GDPR.
Sargent & Greenleaf audit trails are in themselves GDPR compliant, as users are identified by audit ID number only, so only the data controller that authorised the access can identify the specific user. These new practical and eminently affordable locks are fully certified for use on safes and vaults up to grade V, with high-level security protocols built on proven A-series ATM lock and CIT technology.
Software for basic GDPR operation is provided free of charge.
With the system already having been adopted by high profile businesses such as PayPal Worldwide and Grant Thornton, Sargent & Greenleaf A-series audit locks take away the burden of GDPR compliance, freeing up staff and administration time for other tasks. So, when it comes to controlling physical access to files and physical media, the new Sargent & Greenleaf GDPR audit lock system is the simple 21st century answer to physical GDPR compliance.
The Sargent & Greenleaf GDPR Audit Lock
USB Audit Lock Features:
Cost: GDPR audit locks start at €580.00 including software. Training can be provided for data controllers and office admins.