Access Control in GDPR

Access Control in GDPR datascan

The Data Protection Commission states that a Data Controller is the individual or the legal person who controls and is responsible for the keeping and use of personal information on a computer or in structured manual files.

Access Control

When it comes to the security of personal data it is their duty to limit the access to this information on a ‘need to know’ basis.  With sensitive information (as defined by GDPR) the security of that data is even more important to ensure only those who strictly need access can have it.  This will keep the information safe, limit exposure and help prevent data breaches.

Levels of Access

Deciding on the levels of access available will depend on the organisation and the various roles involved.  This process is much easier to do when the data files are stored digitally.  A password and user name can be created for all involved with various access levels.  It is pretty straightforward; you only need access to view personal data if you require it to perform your job.   It is also important that these access levels be reviewed regularly.

Benefits of digital files

With paper files, it is much more difficult to separate information and limit access, digital files can be indexed and separated quite easily.  Downloading of information, or sending by email can all be limited and IT systems can be put in place to prevent this.  Encryption can be used for those storing or accessing information on a laptop.  Digital file access can be monitored by logging activity of who accessed what, when and why.  Having digital files helps with reports and allows an audit to be done quite simply.

Data Control

Importantly if a data breach does happen, it will easier to find out what happened, control it and work to prevent it reoccurring.  With more remote workers and taking the human factor into account, the Data Controller should push for all files in the organisation to be scanned and transformed into digital files.  This will make the control of data more manageable and will help with access control and keep the data protected.

If you are a Data Controller talk to our friendly expert team about getting your documents transformed to digital.