The GDPR will have a dramatic impact on the way data is managed, and steps need to be taken to prepare. With only six months left to meet the May 2018 deadline, the clock is ticking.
The consequences of failing to adhere are significant: data protection regulators will have the power to impose fines of up to €20,000,000 or 4% of your organisation's total worldwide annual turnover. The question is, are you prepared?
While many sectors have embraced new technologies, the information handled by health and legal professionals is often held in hard copy rather than as digital files.
When considering the implications of GDPR, it can be easy to overlook paper copies of documents, records and files. However, the ICO found that loss and theft of paperwork accounted for 26% of data security incidents relating to solicitors and barristers in 2015/16. Additionally, there was an 11% increase in reported data security incidents in the health sector during Q1 2017.
Therefore, it’s important to remember that online security is just a small part of your business's overall compliance. Whilst cyber security may involve the introduction of encryption software to protect sensitive data, for hard copies compliance can be demonstrated by providing lockable cabinets to store documents.
The KitLock NANO90 offers a secure solution to this problem. The compact and discreet lock can easily be retrofitted onto drawers and cabinets, instantly providing cost-effective, GDPR-compliant storage. The keypad coded locks remove the hassle of key management and offer public and private function options, maximising their potential usage. Additionally, the locks can just as easily be fitted in place of key locks on existing office furniture.
However, there is more to keeping your data safe than simply locking it up. Here are some practical points to consider when preparing for the GDPR:
Do you know where the information is?
The right to erasure states that “The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.”
However, if you cannot find the information in your paper documents, you stand no chance of complying with the GDPR. Is it in the building? Is it in storage? Now is the time to complete a data audit. Whilst this may seem time-consuming and potentially costly, it is far better than the huge penalty you will otherwise face.
How many copies do you have?
One of the biggest issues with paper documents is how easily they can be duplicated. Human error, insecure disposal and duplication through accidental printing all pose huge threats to document control and expose your organisation to potential data breaches.
Are your documents private?
Paper documents are at high risk of getting into the wrong hands, so this is an important conversation to have with employees. Data in transit is especially exposed: an employee leaving their bag on the bus or a courier losing a box of records can easily result in information getting into the wrong hands.
Are you managing your retention periods?
The GDPR states that personal data “must be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods insofar as the data will be processed solely for archiving purposes in the public interest, or scientific, historical, or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals.”
Do you currently have a system to manage the retention periods of your paper files? If a digital file is destroyed, yet a paper version is stored in a box, your compliance with the GDPR may be affected.
Clear desk and clear screen policy
A clear desk policy for papers and a clear screen policy for information processing facilities should be adopted. This will help you comply with the GDPR’s principles of accuracy, and integrity and confidentiality. With cost-effective solutions such as the KitLock NANO90, there is no excuse for a business to fall foul of the new legislation.