ProVide as a tool box for GDPR
Secure file sharing and collaborative project workspaces do require organizational and technical GDPR consideration. ProVide Servers has a built-in secure web server with sharing & collaboration features including direct editing that ticks all technical requirements for GDPR. Files are stored, edited and saved on your own servers. Using ProVide you can even send a link directly to an external editing consultant, e.g. a photoshop file, that is opened directly in photoshop on the receiving client computer. When saving the file it is saved on your server and nothing is left behind on the client end. A photoshop document is one thing; but what about editing a customer registry excel file, a patented blueprint or a patient journal file. This is where secure encrypted connections and GDPR comes into play, all neatly managed by ProVide server.
ProVide is a secure and easy-to-use platform for distributing and acquisition of documents and files supporting collaboration between co-workers and internal/external teams. Systematically implementing ProVide offers a route for both directly and indirectly map and solve some of the technical issues and thus moving forward in complying with the purpose and principles of the GDPR.
Introducing ProVide to your organisation offers the opportunity to document and map data sources and the whereabouts of information assets as well as centralizing storage. The technical capabilities of ProVide well exceeds the GDPR requirements of security by design and security by default as it provides secure, encrypted access, that can be properly logged.
- By integrating ProVide to the user management and authorisation system, be it the built in user registry, Active Directory, or ERP-system, employees may e.g. acquire salary specifications directly from ProVide. Mailing salary specifications, as pdf-files, via unencrypted e-mail will most likely not comply with GDPR based on for instance unsecure protocols and redundant storage.
- Access to data and data accuracy. Registered subjects have the right to access all data that have been stored specifically regarding personal data, descriptions and pictures in a reasonable period. Furthermore, subjects also have the right to have erroneous data corrected without unduly delay. ProVide supports implementation of automated scripts, allowing data from mapped sources to be collated, consolidated and presented for access and correction purposes. This empowers the organisation with both data portability and with effective ways to enhance data quality.
- Data minimisation and minimal processing. Only data, relevant for the specific purpose for which it is acquired, may be stored and processed given that the purpose is lawful. Introducing ProVide offers an opportunity to centralize mapping of data, and thereby establish high quality documentation of relevant data sources. This empowers the organisation to minimise storage, reduce redundancy and eradicate erroneous data.
- The right to be forgotten. Introducing ProVide and thus mapping and documenting data sources establishes a clear depiction of what data need to be deleted or corrected from files, ERP-systems and other sources. GDPR at the very core, requires you keep track of what is stored and where so getting started is of the essence.
- Right to notification if data is compromised. If a security breach compromises personal data, subjects has the right to be informed within 72 hour upon detection. ProVide employs extensive logging capabilities and proactive scripts that, combined with state-of-the-art security design and an array of security mechanisms allows ProVide to detect, log, and implement corrective measures (like blocking access), while directly notifying responsible technicians.