The digitization of processes, the outsourcing of data to cloud solutions, email archiving, the implementation of the requirements from the GoBD with regard to the documentation of digital business processes with corresponding storage solutions and backups as well as the handling of the extensive requirements for IT security and data protection resulting from all this are all part of the The center of the action.
The changes to the paper archive since the introduction of the GDPR
According to our observation, however, since the introduction of the GDPR, a standard topic with a similarly high level of data protection explosive has been more and more in the background in many places: the classic paper archive. No matter whether small or large companies, a lot of personal data is stored to this day – and new files are regularly added – in offices, cupboards, storage rooms, basements, sometimes distributed in several places in the company. Even in archives that appear to be exemplary and well-secured. At second glance, e.g. In the course of a data protection audit, if you take a closer look, you will notice that you are neglecting access rules. Archives are also storage space for office materials. If the archive is housed in a room together with the building services, the cleaning room serves as an archive, etc. Without anyone even thinking about it, basically all employees, as well as external craftsmen, cleaning staff, suppliers and other service providers and visitors arrive without any Control over personal data and trade secrets.
The importance of access security
Access rules are just as important here as regulated access to data on a PC or server, a central and indispensable requirement for data protection or sometimes laboriously created technical and organizational measures at the level of “digitized business processes”. These must not be thwarted by missing or insufficient TOMs at the level of the paper archives. Because all categories of personal data are regularly in the paper archives. These are more and more successfully protected from the gaze of unauthorized third parties in electronic form. It is therefore often worth taking a critical look at the existing paper archive – also to avoid fines.
You are not sure whether your paper archive complies with data protection regulations and whether access rules are in place and are being observed? We are happy to support you with this and all other matters relating to data protection and IT security. Contact us here using our contact form or call us on 08505 91927-0.
Herr Goslar bringt 18 Jahre Berufserfahrung als HR- Businesspartner, Account Manager und Führungskraft mit. Darüber hinaus hat er sich in Schnittstellenfunktionen zwischen IT Sicherheit und Datenschutz umfangreiches Know – How angeeignet. „Als zertifizierter Datenschutzbeauftragter, betreue und berate ich sie gerne bei der Umsetzung der DSGVO.“
This post is also available in: German