CONFIDENTIALITY & SECURITY
Digital Tec Solutions (T/A Documents Scanning Company) ensure that policies and mechanisms are in place to provide and preserve our client’s data privacy and confidentiality while delivering a high quality yet simple data archiving solution.
This requires organisational safeguards and a multi-level technical framework. We have highlighted just few of the safeguards for your consideration.
- DTS are a limited company registered with Data Protection Act authority. (Registration Number ZA766325)
- All the staff employed must conform to a confidentiality agreement.
- No agency workers are used within our organisation.
- Collection and deliveries of your documents are made using our own unmarked vehicle.
- Each member of staff is given restricted user access level to information and thus may only access data to which they are authorised for.
- Undertake secure shredding, this allows the efficient destruction of documents with a shredding certificate.
- No company institute or third party would gain access to your data or files. Total confidentiality and protection of your documents are assured.
- We have strict codes covering professional integrity and ethics, which is contained within a manual distributed electronically to staff who must annually confirm their compliance.
General Data Protection Regulations
What is GDPR?
The European Union have replaced the Data Protection Act 1988 (DPA) with the new General Data Protection Regulation (GDPR) which was put in place for all organisations who operate within the EU on the 25th May 2018. The directive is designed to improve the way that companies collect, handle, process and archive personal data such as accounts, HR files and customer’s confidential information.
Personal data that needs to be protected under the GDPR is any information regarding an individual that can be identified from that data, such as names, address, job etc. Sensitive data includes information like racial origin, sexual orientation, political opinions etc.
What’s different about GDPR?
The GDPR is very similar to the DPA but the new regulation introduces updated security requirements when processing and storing personal data. All organisations are expected to prove that they’ve implemented the “Data Protection by Design and Default”, which is outlined in Article 52 of GDPR. This implies that all companies will need to invest in additional technology, processes and training in order to secure and manage client’s personal data.
A key change highlighted by GDPR provides the right for individuals to request confirmation from the data controller as to whether their personal data is being used, where and for what purpose. Additionally, the controller is required to provide a copy of the individual’s personal data in the same format that it was requested, whether it’s electronically or manually posted. Individuals also have the right to be forgotten and their personal data to be deleted from a database.
Another aspect that has been prioritised with the GDPR is the protection around cyber security. This is due to the recent increase of social media, instant messaging and other digital communication platforms that are now introduced in day-to-day business, as it involves customer’s IP addresses relating to locations
What does this mean for your business?
Due to individuals now having the right to access and request their documents, organisations should be prepared to send an electronic copy of the data that illustrates how the data is being used and for what purpose, if it was requested electronically, within 30 days. For instance, if the request is made via email, the information should be provided in a commonly used electronic format, such as a pdf.
It would be very impractical for businesses if a large quantity of people requested a copy of their personal data, as it would cost time and money when constantly sending the documents over. If the individual requests for the copy over email, it’s essential that an electronic copy is sent.
Digital Tec Solutions Ltd can scan your company’s documents that contain personal data e.g. HR records that need to be managed efficiently, with an audit trail of how the data is being processed. The company can index the documents by employee name, which allows each file to be easily searched and sent over quickly.
Organisations are also expected to only store personal data if it’s absolutely necessary and in secure premises. Digital Tec Solutions Ltd ‘s archiving services provide a fully secured facility, with the ability to provide a full audit trail of all staff and processes.
How does Digital Tec Solutions Ltd comply with GDPR?
Although the regulation doesn’t come into effect until 2018, the government is encouraging organisations to start taking measures now to ensure all necessary processes and procedures are in place to meet these guidelines. In order to be GDPR compliant, Digital Tec Solutions Ltd will be able to demonstrate a number of data protection regulations, including the following:
- All projects that Digital Tec Solutions Ltd publish have an associated index list with contents of each box, this allows for file retrievals to be carried out quickly and efficiently
- Digital copies are kept in our secure server for two weeks, this allows the customer sufficient time verify their documents before destruction.
- Digital copies will be destroyed after two weeks
- Customers have the right to erasure of their data at any time from our server by sending an email.
- Data processors are now regulated in the same way as Data Controllers, with joint liability in the event of a non-compliance.
- All Digital Tec Solutions Ltd staff who handle personal data will be provided with adequate training, with a full audit trail
What happens to organisations who refuse to comply with GDPR?
Any organisation that fails to comply with GDPR rules and regulations set out by the EU could face harsh consequences, such as fines of up to €20 million or 4% of the company’s annual turnover, whichever is greater.
Ensure your data is safe with Digital Tec Solutions Ltd
The company’s scanning bureau is also accredited for Data Protection Act Authority Registration Number ZA766325.
Outsource your company’s important and confidential documents to Digital Tec Solutions Ltd , with assurance that all data will be handled, processed and archived securely through measures that are GDPR compliant.