This means that you should develop your website or app in such a way that builds secure data processing into its core functioning. From a GDPR perspective, you should think about protecting VMs as you would protect physical servers including the use of VM TPM technology. You can view files/folders in Explorer/Finder, as with any storage system, and view within the apps own UI. The GDPR requirements govern almost every data point an organization would collect, across every conceivable online platform, especially if it's used to uniquely identify a person. ... is whether now is the right time to reduce the risk of physical document theft even further by digitizing your files. Specialist scanning services can do the job for you extremely quickly. GDPR is not actually creating a sudden sea change when it comes to data transfer. If you’re still using paper, a physical break-in or misplaced files would constitute a breach (this article has helpful information on securing your paper files in compliance with GDPR). Files can be accessed from Windows, Mac, Linux, IoS and Android platforms. Doing this requires you to consider things like risk analysis, organisational policies, and physical and technical measures. It also includes data routinely requested by websites, such as IP addresses, email addresses, and physical device information. This is why the General Data Protection Regulation (GDPR) requires a plan in place to safeguard and restore data in personal files of EU citizens whenever a technical or physical incident occurs. You can encrypt log files using technologies such as OpenPGP. The GDPR suggests encrypting personal data at Article 32. Why Physical Measures are Important to GDPR. But if you’re using software to check in visitors, this responsibility will also extend to the software company. The included UI adds capabilities as viewing the physical location of the file’s storage system, an important attribute for compliance. In Recital 108, the GDPR advocates "data protection by design and by default." A transfer may mean moving the source data to a machine outside the EU. A key principle of the GDPR is that you process personal data securely by means of ‘appropriate technical and organisational measures’ – this is the ‘security principle’. Technically, what does a transfer mean? Deleting a backup or manipulating the files therein can be a problem for the integrity of the backup as a whole. Physical appearance and the GDPR Niall McCreanor 23rd February 2018 After our recent discussion on personal data under the EU General Data Protection Regulation (GPDR), many people seemed surprised by the extent to which someone’s physical appearance is considered personal data. Physical and technological failures and glitches occur even in the best-maintained and most secure files. GDPR: Working with health data can cause headaches ... alter, use, or disclose any “information which relates to the physical or mental health of an individual, or to the provision of health services to the individual” without the patient’s consent. Don’t worry, this doesn’t mean manually scanning your whole library of documents yourself. The GDPR requires organizations to delete personal data in certain circumstances.