Safe4 GDPR Extensions

Introduction

This section of the Safe4 Guides addresses the additional functions that have been developed specifically in order to assist Safe4 customers with their own compliance programmes for GDPR. The General Data Protection Regulation became law across the European Union on 25 May 2018, and was incorporated into the UK Data Protection Act at the same time. It requires all organisations who manage information that allows the identification of living individuals in the EU to be compliant.

Much of the information held within Safe4 is being managed by businesses who deal with individuals, and a proportion of this is personal information. It is thus necessary for the organisation managing this information to be able to comply with the regulation, and the changes recently made to Safe4 are intended to address this obligation.

The additional functions now in the system enable the complete removal of providers, vaults and users. Once removed, this information cannot be recovered. For this reason the additional functions, described here as GDPR Extensions, are only granted to system administrators who have been explicitly nominated by the organisation responsible. The enabling of these capabilities can only be done by the Safe4 account management team.

The GDPR Extensions are broken down into 5 separate segments:

• Deleting providers
• Deleting vaults
• Deleting users
• Deleting previous versions of files
• Producing a Subject Access Request Report

Retention of Data

GDPR stipulates that data must be removed from all of a service providers’ systems if the client chooses to sever their relationship with the provider. The ability to do this is described in this section of the Safe4 Guides. However, because Safe4 maintains an audit trail of all the actions that have taken place in the system, a permanent record is retained of the fact that an individual was a user in the system, and the actions that were performed by them whilst they were a user. All of the content relating to the individual is removed – all of the folders, files and asset records will be permanently deleted, but the “stub” of data that records their activity is retained. This has been done to protect Safe4 customers from possible future difficulties from former clients or users, should any inappropriate action have been carried out by them while they were users of the system.