Solution in detail
Pseudonymization and encryption (GDPR Art. 32 (1a)
Digital data are files that have a file name and content. Even the file name can often provide information about the content. According to GDPR Article 32 (1a), pseudonymization and encryption are appropriate technical measures for the protection of personal data. SimpleumSafe encrypts all files with AES-256, an accepted and proven standard for strong encryption. File names are not recognizable from “outside ” with an unopened safe.
Confidentiality (GDPR Article 32 (1b)
Access to the data with SimpleumSafe is only possible with a password or with the iPhone with any biometric authentication.
Integrity (GDPR Article 32 (1b)
Integrity is the protection of data against manipulation and damage (hardware defect). SimpleumSafe provides an integrity check that checks all data for readability and error-free decryptability.
Availability, recovery after technical incident (GDPR Article 32 (1b.c)
You can backup a safe created with SimpleumSafe encrypted with Apple Time Machine or any other backup solution. In addition, SimpleumSafe itself has its own backup solution. As a result, your data backup is encrypted. In the event that you have forgotten your password and you are actually no longer able to access the data, you can use a so-called recovery password to reset your password, provided you have previously created such a recovery password.
Information for all affected persons in the event of data loss or theft
If you have encrypted your data with SimpleumSafe and a Safe ends up in the hands of third parties by theft, you do not have to share this information to your clients. This is where GDPR Article 34 (3a) applies]: […] The communication to the data subject […] shall not be required […] in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption […] ”
Data in the cloud
SimpleumSafe uses the “extreme secure synchronization ” for synchronization with the iCloud. Even if the synchronization data has been stolen from the cloud and the password has become known, the data can still not be decrypted. In this case, the cloud provider is not a order data processor according to GDPR, as he cannot gain access to the data.
Create photos with personal information
Use the ability to use SimpleumSafe for iOS to directly create photos on iPhone and store them in the Safe in an encrypted manner. These photos are then not stored in the photo library. This makes it easy to photograph medical and care documents, etc.