GDPR & Physical Personal Data Security: What Should You Do?

Posted by Matthew 10/05/2018

GDPR and Physical Personal Data Security


GDPR is fast approaching – it becomes the law of the land on the 25th May – and there are still many questions that most of our customers seem unsure of.


A common misconception is that it will really only affect computer records. This isn’t true; in fact, as computer records are easier to search, it’s simpler to delete records no longer needed from a computer than to find and shred physical records which have outlived their usefulness.


Particularly for GPs, dental surgeries, private clinics, therapists and counsellors, this is likely to present a problem. However, it may also cause issues for other types of business!


What Does GDPR Affect?


There’s a lot of detail to GDPR, but from this perspective, the basic ‘rule’ to follow is that a business only has a right to keep personal data it can reasonably expect to need.


There’s some discussion about what this means, but the following is likely:

  • You can keep personal data – names, addresses, private phone numbers, etc. – for people you can reasonably expect to come to you again in the foreseeable future. So, any regular visitor or anyone who regularly orders from you is certainly safe. However, anyone who made only one contact, several years ago, and who has not responded to any follow-ups is probably not worth the risk of keeping their details.

  • You can keep personal data for people you deal with regularly in a professional capacity. So, for example, if you have a specific person assigned to your trade accounts when you restock, you might reasonably need their information. However, if that specific person leaves the company you restock from, you no longer need their details, and those details should be removed immediately.


Just as important as what data you can keep is how well protected it is. This data should not be accessible to anyone who doesn’t have a reasonable need for it.


This means you could violate GDPR if you leave someone’s records out while the cleaner is busy in your office.


Protecting Physical Personal Data


By now it should be clear that any personal records you keep physical copies of must be carefully protected. The penalties for violating GDPR are much steeper than for any previous data protection legislation.


Consider internal lockable steel security doors and security shutters to seal off those areas where records are kept out of hours. These and other security solutions will show that you are taking necessary steps to follow the law and to preserve essential data security.


At the heart of GDPR is a goal to keep personal data safe. It’s not that businesses shouldn’t have it but that private individuals with no right to that data shouldn’t be able to access it.


Security solutions like these can help you prove you’re working toward the same goal.


If you’d like to discuss the best possible ways to resolve this, please talk to the experts in our sales team directly.