Physical and technological failures and glitches occur even in the best-maintained and most secure files. The GDPR requires organizations to delete personal data in certain circumstances. GDPR: Working with health data can cause headaches ... alter, use, or disclose any “information which relates to the physical or mental health of an individual, or to the provision of health services to the individual” without the patient’s consent. This means that you should develop your website or app in such a way that builds secure data processing into its core functioning. A key principle of the GDPR is that you process personal data securely by means of ‘appropriate technical and organisational measures’ – this is the ‘security principle’. The GDPR suggests encrypting personal data at Article 32. It also includes data routinely requested by websites, such as IP addresses, email addresses, and physical device information. But if you’re using software to check in visitors, this responsibility will also extend to the software company. You can encrypt log files using technologies such as OpenPGP. From a GDPR perspective, you should think about protecting VMs as you would protect physical servers including the use of VM TPM technology. GDPR is not actually creating a sudden sea change when it comes to data transfer. Don’t worry, this doesn’t mean manually scanning your whole library of documents yourself. The GDPR requirements govern almost every data point an organization would collect, across every conceivable online platform, especially if it's used to uniquely identify a person. Specialist scanning services can do the job for you extremely quickly. ... is whether now is the right time to reduce the risk of physical document theft even further by digitizing your files. You can view files/folders in Explorer/Finder, as with any storage system, and view within the apps own UI. This is why the General Data Protection Regulation (GDPR) requires a plan in place to safeguard and restore data in personal files of EU citizens whenever a technical or physical incident occurs. In Recital 108, the GDPR advocates "data protection by design and by default." Physical appearance and the GDPR Niall McCreanor 23rd February 2018 After our recent discussion on personal data under the EU General Data Protection Regulation (GPDR), many people seemed surprised by the extent to which someone’s physical appearance is considered personal data. Files can be accessed from Windows, Mac, Linux, IoS and Android platforms. Technically, what does a transfer mean? The included UI adds capabilities as viewing the physical location of the file’s storage system, an important attribute for compliance. Why Physical Measures are Important to GDPR. Deleting a backup or manipulating the files therein can be a problem for the integrity of the backup as a whole. A transfer may mean moving the source data to a machine outside the EU. If you’re still using paper, a physical break-in or misplaced files would constitute a breach (this article has helpful information on securing your paper files in compliance with GDPR). Doing this requires you to consider things like risk analysis, organisational policies, and physical and technical measures.