Data protection laws are changing this year – instead of the Data Protection Act (1998), companies will be required to adhere to the EU’s General Data Protection Regulation (GDPR) from May 2018, which replaces the old act across the board. Although the UK is leaving the EU, we will still be part of it when these rules come into force, and it is expected that the UK will continue to abide by these new laws in the future, to ensure consistency of policy for multinational corporations and to ensure that the integrity of data security is not compromised.
There are many changes in the way data is held and used under the GDPR, and companies that store paper or digital personal data will have to demonstrate how they are keeping this information safe and secure. The storage of paper documents may well be on its way out, but there are still many instances in which digital documents must be underpinned by a signed paper copy, such as employment and house purchase contracts. Even if these documents are eventually digitised, there is still a requirement to keep both the paper copies and their digital storage safe from harm.
The older Data Protection Act made some exceptions for small companies and charities in terms of how they use and store customer data, but the new regulations apply to every business, regardless of size or the nature of the data held. It is vital that companies are aware of the changes and that they take steps to comply fully, as soon as possible.
Using an access control system on your physical document storage area and any places where digital copies are kept on servers is one way of ensuring compliance with the new GDPR in May, and is a failsafe method of restricting access to all but essential employees. In terms of security it may be preferable to use a PIN keypad system over an RFID tag system, as a PIN cannot be lost or stolen. Staff given a PIN for access should be made to sign an NDA regarding their access and the methods used to keep data safe, to prevent unchecked PIN sharing and protect the integrity of the access control system.
It is expected that companies using an access control system to protect sensitive and personal customer data will be required to show they are using an NSI Gold Standard supplier, as this is the last line of defence regarding the integrity of an access control system. P&R Alarms have NSI/NACOSS Gold approval and we only use systems developed by companies with the same level of NSI approval. This means our customers can be safe in the knowledge that they are using the best and most secure system available to them.
Our Paxton Net2 access control system is one of the industry leaders and offers superior connectivity with SMS alerts. The PC-based system can be scaled to suit a business, from a small, single-site company to multi-site global corporations. It can also be scaled to grow with a business, meaning you don’t have to switch systems if the company takes on more work and more sites, a factor that is very important in the decision of which access control solution to use.
Although there are a couple of months to go before the GDPR is enforced, there is no time barrier on starting proceedings to ensure compliance, so if you have not already started looking at how you will protect personal data within your company, now is the time. At P&R Alarms we know the security and access control industry inside out and can provide guidance if you are unsure exactly what steps you need to take. With our heritage and NSI Gold Standard approval we can be trusted to provide the right system for you, and ensure it means full compliance with GDPR now and in the future. Call us today on 01905 799949 and get GDPR ready.