Every human being and every company in the EU is automatically subject to these new regulations. The objective is, among other things, that anyone who works with personal data may only collect it on a legal basis and that this data is then protected from unauthorized access.
This article is limited to the protection of digital personal data.
- The regulation is addressed to anyone who processes personal data, including the self-employed, freelancers, associations, etc.
- Also new is the reversal of the burden of proof: you must be able to demonstrate that you are protecting this data.
- Also new are the drastically higher possible penalties for non-compliance.
- Offers, contracts, invoices, applications, certificates, payroll accounting
- Patient records, process files, hospital reports, tax returns
- Call logs, reports
- Photos (e.g. damage reports, inhabited flats, disease pictures, …)
- You store digital personal data on the iPhone or Mac (hard drive)
- Create a backup on an external hard drive or a network hard drive
- You copy data to a USB stick
- Save data in the cloud (iCloud, Dropbox, …)
- You are using iCloud Photo stream which copies your photos to iCloud
Keep in mind that personal data must always be protected from unauthorized access; this also applies in case of loss or theft. In the event of a loss or theft in which the data can be viewed by unauthorized persons, you must generally inform all persons concerned.
At the moment, it is still unclear whether personal data of others can be stored in iCloud without further technical precautions, as Apple does not conclude an order processing contract.
Pseudonymisation and encryption (GDPR article 32 para 1a)
Digital data are files that have a file name and content. Even the filename can often provide information about the contents.
According to GDPR article 32 para 1a, pseudonymisation and encryption are appropriate technical measures for the protection of personal data.
SimpleumSafe encrypts all files with AES-256, an accepted and proven standard for strong encryption. File names are no longer recognizable from the “outside”, i.e. while the safe is unopened.
Confidentiality (GDPR article 32 para 1b)
With SimpleumSafe, access to the data is only possible with a password or, on the iPhone, with biometric authentication if necessary.
Integrity (GDPR article 32 para 1b)
Integrity means the protection of data from tampering and damage (hardware defect).
SimpleumSafe provides an integrity check that checks all data for readability and error-free decryption.
Availability, restoration after a technical incident (GDPR article 32 para 1b, c)
You can back up a safe that was created with SimpleumSafe using Apple Time Machine or another backup solution. In addition, SimpleumSafe has its own backup solution, which also allows an encrypted backup.
This means that your data backup is encrypted as well.
In the event that you have forgotten your password and are no longer able to access the data, you can use a so-called recovery key to reset your passcode, provided you have previously created one.
Information for all persons concerned in the event of data loss or theft
If you have encrypted your data with SimpleumSafe and a safe falls into the hands of third parties through theft, you are fortunately not required to inform the persons concerned.
This follows from GDPR article 34 para 3a:
“The communication to the data subject […] shall not be required […] and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption […] ”
Data in the Cloud
SimpleumSafe uses high-security synchronization to synchronize with iCloud. Even if the synchronization data has been stolen from the cloud and the password is known, the data still cannot be decrypted.
Create photos with personal information
Use the ability to create photos directly on the iPhone with SimpleumSafe and place them encrypted in the safe immediately. These photos will not be saved in the photo library. So, you can easily photograph customer documents etc.