The GDPR And Paper Files - Certified Solutions To Security And Audit
All paper files containing personal information must be protected against unlawful destruction and unauthorised access. Furthermore, there is a legal requirement to record who accessed the files, for what purpose and when. This information must be recorded and maintained as part of the process, but there are some exceptions for small businesses.
Article 30 (7) – GDPR
“The obligations referred to in paragraphs 1 and 2 shall not apply to an enterprise or an organisation employing fewer than 250 persons unless the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects, the processing is not occasional, or the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10.”
What Does This Mean?
For a small business, depending on the result of the risk assessment, it is possible to have an audit trail that simply records authorised personnel and their access to files relating to individuals, without the need to record which specific file was accessed on a file-by-file basis. However, strict criteria must be met: the processing must not be “likely to result in a risk to rights and freedoms of the individual”.
Affordable GDPR Solutions For Small Business
We offer a range of affordable, state-of-the-art data safe and data cabinet audit locks that can be easily retrofitted to many existing data and filing cabinets. Not only do these locks record access to files automatically, but they also give the data controller an easy method to download secure bank-level audit trails via a USB flash port and FREE bank-standard audit software.
The entry-level locks record 1000 events, and users are identified by a two-digit number at the beginning of their access code. These audit trails can be downloaded and stored at regular intervals and are obviously a superb staff time saver. This easy-to-use and verifiable technology has already been adopted by some big names in I.T. such as PayPal, Slack and Interxion Data Centres.
These new S&G audit locks are, in the case of paper files, the very definition of the “Privacy by Design” concept of the GDPR when it comes to restricting and auditing access to relevant paper files. Originally developed for high-risk banking and cash-in-transit, the system is demonstrably secure, restrictive, hierarchical and entirely suitable for purpose. The new USB GDPR audit locks from Sargent and Greenleaf can quickly and affordably build automatic privacy and security into your entire paper file process.
Under the GDPR, data controllers must implement a system to protect physical data, such as paper files and physical media, against:
1. Accidental or unlawful destruction
2. Accidental loss
3. Unauthorised disclosure or access
However, it is important to note that the system must also provide a record of when data is accessed and by whom. For compliance with the access management aspects of the GDPR, the system used must be demonstrably restrictive and hierarchical.
Training And Support
Training for your data controller will be provided and the software required to operate the system is FREE OF CHARGE.