GDPR what about when you still need paper records?
Following our previous article on procedures for implementing
GDPR in a paper environment we now look at the implications on areas of business where paper will remain the dominant format. Even with the move to electronic filing and use of web forms , there are unusual circumstances where paper forms may contain information to be held permanently. People still make notes in paper form and other formats, such as architectural drawings are hard to amend on a portable tablet. In some circumstances you may still need paper records.
An example of how GDPR cam impact on paper records?
We were in the middle of a data protection review of an architectural firm and we were going through the usual cyber security settings, data – map and value – software issues. It all seemed that everything was ticking off nicely when it came to the document management system. My associate had discounted its contents, as architectural drawings do not contain personal data. I begged to differ. The company used sub contractors who would often print drawings off to go on-site. Even though the drawings did not contain anyone’s name, you could work out who lived there from the address or at least guess the sort of people from the social mix of the neighbourhood. (We might be talking high net worth people on country estates, or a highly paid footballer.) What’s even more pertinent is that if ever the drawings were lost, or got into the hands of criminals, they would have the layout of the property perhaps including positions of security alarms, cameras etc. Although not straightforward personal data, it could be identifiable and, more importantly, the consequences of that information being made available could be dire for the property owners whilst leaving the company open to a legal case as well as substantial reputational damage. That is why the regulations are not limited just to cyber activity, as they want companies to look at all areas of their operation in order to take due care of their client information, regardless of the format.
Next in the series. “What are the benefits of digitising paper records?”
If you need our assistance in getting your organisation GDPR compliant, please see our introductory offer and Services page. Further information is available in our FAQ section. The next GDPR seminar is on the 24th of April. To book click here.
About the Author:
Malcolm Ford has worked within the enterprise level arena on document management solutions for a variety of small to medium business’s across the UK.