As bearers of professional secrets, lawyers in particular face the challenge of meeting data protection and privacy requirements.
Lawyers are bound to confidentiality under § 203 of the German Criminal Code (StGB) and collect a large amount of personal data, which today is usually stored electronically. Some transcripts are even typed directly on a tablet computer or MacBook.
Since 25 May 2018, new data protection rules have been in force under the EU General Data Protection Regulation (EU GDPR). The GDPR is a European Union regulation that unifies the rules on the processing of personal data by private companies and public authorities across the EU.
Keep in mind that personal data must always be protected against unauthorized access, including in the event of loss or theft. If data is lost or stolen and can be viewed by unauthorized persons, you must always inform all persons concerned.
The use of cloud storage solutions is particularly problematic. If you store unencrypted data in the cloud, you need a data processing contract with the cloud service provider, and in the event of a data breach you still have to notify all your clients of the possible disclosure or theft. This risk is too high and, unfortunately, has materialized far too often in the past. Your clients' data deserves better protection.
If you collect client data on a Mac and/or iPhone/iPad, you can store that data in a GDPR-compliant way with SimpleumSafe. Strong encryption is used on the devices. Synchronization between several Macs or iPhones/iPads can also be carried out in encrypted form via the cloud. In that case the cloud provider has no way to inspect the data, and no data processing contract needs to be concluded with it.
SimpleumSafe is already used by many lawyers. Because of its similarity to the Mac Finder, getting started is quick and no training is necessary.
Solution in detail
Pseudonymization and encryption (GDPR Art. 32 (1a))
Digital data are files that have a file name and content. Even the file name can often reveal information about the content. According to GDPR Article 32 (1a), pseudonymization and encryption are appropriate technical measures for the protection of personal data. SimpleumSafe encrypts all files with AES-256, an accepted and proven standard for strong encryption. With an unopened safe, file names are not recognizable from the outside.
Confidentiality (GDPR Article 32 (1b))
Access to the data in SimpleumSafe is only possible with a password or, on the iPhone, with biometric authentication.
Integrity (GDPR Article 32 (1b))
Integrity means protecting data against manipulation and damage (e.g. hardware defects). SimpleumSafe provides an integrity check that verifies that all data is readable and decrypts without error.
Availability, recovery after a technical incident (GDPR Article 32 (1b, c))
You can back up a safe created with SimpleumSafe in encrypted form with Apple Time Machine or any other backup solution. In addition, SimpleumSafe has its own backup function. Either way, your data backup is encrypted. If you have forgotten your password and genuinely can no longer access the data, you can use a so-called recovery password to reset your password, provided you created such a recovery password beforehand.
Information for all affected persons in the event of data loss or theft
If you have encrypted your data with SimpleumSafe and a safe ends up in the hands of third parties through theft, you do not have to inform your clients. This is where GDPR Article 34 (3a) applies: “[…] The communication to the data subject […] shall not be required […] in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption […]”
Data in the cloud
SimpleumSafe uses “extreme secure synchronization” for synchronization with iCloud. Even if the synchronization data has been stolen from the cloud and the password has become known, the data still cannot be decrypted. In this case the cloud provider is not a data processor (Auftragsverarbeiter) under the GDPR, as it cannot gain access to the data.
Taking photos that contain personal information
SimpleumSafe for iOS lets you take photos directly on the iPhone and store them in the safe in encrypted form. These photos are not saved to the photo library. This allows you to easily photograph your clients' documents, etc.