Discussion of the GDPR often focuses on cyber security threats, server hacks, database vulnerabilities and data stored on and transmitted between servers and networks. However, paper documents, paper records and files are being severely overlooked. This is extremely dangerous!
Here are some things to take into consideration when focusing on the physical copies of data that you have acquired:
Can you find all the data you need?
Now that the data subject has a right to request their data for free, you must provide them with this information within a month of the request. But what if you can’t find this data? You obviously have it somewhere, but what if you have misplaced the physical copy of the personal data? You must keep tabs on where you store all of your information. A filing cabinet is an obvious choice for storing these kinds of documents.
How many physical copies of your document exist?
It is very easy for paper documents to lead a double or triple life. The greatest threats to even the most secure information storage policy include duplication on a photocopier, extra copies from a laser printer, insecure disposal of documents and removal of documents from the building. Human error and human handling of documents can result in a complete lack of document control and expose your organisation to data breaches.
Are you able to keep your documents private?
Privacy of data is key to the GDPR. Paper documents can easily get into the wrong hands, and this could just as easily become a data breach. Transportation of data in any format, including paper, should be seen as a threat to information security. This is why documents containing anybody’s personal data should not be left on desks or around the office. Instead, they should be stored in a filing cabinet or drawer that can be locked overnight.
Online GDPR Training
Here at iHasco, we offer an Online GDPR Training course that takes a look at different types of personal data, how to process this data and the security of personal data.
We also have a GDPR course available for managers, which looks into the accountability principle and individuals' rights under the GDPR.