Our document storage processes, systems and facilities provide the basis for compliance with the General Data Protection Regulation (GDPR). Compliance is imperative to avoid the consequences of substantial fines, up to £17 million or 4% of your business’s global annual turnover, whichever is greater.
As part of compliance, you need to know exactly what personal data you hold, where you hold it and how long you keep it, and be able to demonstrate the systems you have in place for controlling and protecting it. We can provide cataloguing services to assist you on your GDPR journey.
Security of any records containing personal information is a key principle of the GDPR. If your business holds personal data of any kind, whether paper or digital, it is your responsibility to safeguard it. Under the GDPR, a plan needs to be in place for potential data breaches, and should one occur, you have to notify the ICO within 72 hours of your business becoming aware of it.
This is where outsourcing document storage services can help you be more organised with your archiving and lifecycle management, more robust in your security, and more prepared for compliance with the GDPR.
The ICO states:
“The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. It requires that appropriate technical or organisational measures are used.”
How we can help – Paper Storage
Our secure document storage warehouses and infrastructure provide a safe haven for physical archives, while our barcoding technology accurately ‘tracks and traces’ movement in and out of storage, providing an audit trail of activity.
Omnidox Records Manager, our system for managing and controlling physical archives, has many benefits to support GDPR compliance. It enables retention dates to be set, records archiving activity and prompts scheduled actions.
“The GDPR places greater emphasis on the documentation that data controllers must keep to demonstrate their accountability.” ICO
Many clients feel that storing their physical archives with us is more secure than storing them in their own filing rooms, or at their own premises where it may be difficult to restrict access, and control movement of paper documents. Locating specific paper documents can also be a problem, which isn’t ideal if you need to retrieve a record quickly.
Knowing exactly where to locate a record is important. Individuals have greater rights over the information you hold on them, and may request it be destroyed, so being able to access their records swiftly is imperative.
How we can help – Digital Storage
Our digital storage system, Omnidox, meets strict security protocols. Hosted and maintained by Box-it on UK-based servers, Omnidox is a resilient platform which is routinely backed up. Box-it’s systems undergo regular penetration tests to protect against cyber-attacks, which again is an important part of the GDPR.
Access is restricted to authorised users and password protected, and all activity is tracked and recorded in an audit trail. Quick search and retrieval provides efficient access to a specific record, for example when an individual wants to know what data you are holding on them and wants their details to be erased.
If you haven’t considered outsourcing your document storage before, now may be the time to evaluate this. Please contact us to find out more.
This is outline guidance only. Please refer to the ICO website for detailed information on compliance.