The G.D.P.R. Audit Lock From Sargent & Greenleaf
The General Data Protection Regulation (GDPR) will come into force on the 25th of May 2018, replacing the existing data protection framework under the EU Data Protection Directive. Regulators and legislators may have been thinking about businesses such as Google, PayPal and Facebook when drafting the regulation, but the GDPR makes it clear that it applies to anyone holding or handling personal data, on any scale, and this most certainly includes paper files.
What Does This Mean?
Whatever system you use to process information that can identify a natural person, it must be demonstrably secure, restrictive, hierarchical and suitable for purpose. The important word here is “demonstrably”. The processing system for paper documents must be provably compliant with the GDPR and produce an audit trail verifying compliance.
Organising Paper Files
As we have said, all paper files that carry information that can identify a natural person are required to be secured against unlawful destruction and unauthorised, unrecorded access. Initially this means identifying and separating the relevant information. Paper files with this type of information need to be organised, secured and identifiable to comply with the data subject’s right of erasure, right of access, right of rectification and right of restriction. More fundamentally, the question needs to be asked: is this information required, and have the data subjects given consent for it to be held and used for all of the purposes for which it is being used?
Third Party File Storage
Another question that needs to be asked is: if you have transferred storage or management of this information to a third party, did you get permission from the owners of the data, the data subjects, to do so? Can you verify how the information is being secured and that access to it is both restricted and audited? Is it being held in a manner that is certified for the risks of fire and burglary?
Securing Paper Files In House
All paper files that carry information that can identify an individual must be held in a locked data cabinet, safe or room suitable for the risk environment. This has been fairly common practice in legal and medical environments for many years. However, under the GDPR a system must be in place that ensures that permission has been obtained to hold these files and that there is a process in place to destroy the information when it is no longer required.
Furthermore the file’s storage system has to provide a verifiable record of who has access to personal files and the authorisation for that access. When we say “verifiable” this means it must be provable.
Saying that only certain people have keys to a filing cabinet doesn’t constitute proof, particularly as keys are so easily copied, even from a photograph, and many filing cabinet keys are exactly the same.
Advanced And Affordable
S&G offer a range of affordable, state-of-the-art data safe and data cabinet locks that not only record access to files automatically but also provide the data controller with an easy method to download secure, bank-level audit trails via a USB flash port.
The entry-level locks record 1000 events, and users are identified by a two-digit number at the beginning of their access code. These audit trails can be downloaded and stored at regular intervals and are obviously a superb staff time saver. This easy-to-use and verifiable technology has already been adopted by many big names in I.T.
The new S&G audit locks are, in the case of paper files, the very definition of the “Privacy by Design” concept of the GDPR when it comes to restricting and auditing access to relevant paper files. Originally developed for high-risk banking and cash-in-transit use, the system is demonstrably secure, restrictive, hierarchical and entirely suitable for purpose. The new USB GDPR audit locks from Sargent & Greenleaf can quickly and affordably build automatic privacy and security into your entire paper file process.
USB Audit Lock Features:
- 1,000 event-, time- and date-stamped audit trail.
- Fast download to USB flash drive; the audit trail can be saved as a PDF, Excel, Word or Txt file.
- Via keypad for single control, dual control and manager/employee modes (up to 100 users).
- Configurable Manual Secure Functionality (00#).
- Improved Daylight Savings Time Feature (easier to program).
- Non-solenoid construction eliminates threat of vibration and bouncing attacks.
- Penalty lockout feature prevents opening by entering sequential or random codes until a valid code is found.
- Integrated user interface with three keypad LEDs for lock status indication.
- Audible and visual signals every time bolt extends to locked position.