Contact Us

13. Record Keeping & Archiving by Data Processors

Particular attention must be given to a formal Archive Retention Policy in respect of security management records maintained by security guarding service providers. This may be in the form of paper or electronic documents including the daily occurrence book (DOB) and dedicated records such as visitor logs, accident book, lost property register, key register etc.

An effective solution would be for the data controller to provide a secure cloud based electronic management information system covering these issues. The data processor should have password protected access as an administrator to maintain records and the data controller should have a password allowing ‘read only’ access. The records should auto delete upon expiry of a justifiable archive period unless flagged to be kept for a longer period, e.g. if there is an ongoing legal case or police investigation which justifies the materials being kept beyond 7 years.

It is important that both parties continue to have access to the records in the event that the contract with the data processor is terminated. Upon termination the data processor’s access rights should become ‘read only’ unless the data processor has another lawful ground for processing the personal data.

Overview

Under data protection legislation both parties have responsibility for the ‘custody’ of the documents containing personal data.

The data controller needs to ensure that the data processor adequately protects the records. The data controller typically satisfies this duty by ensuring the commercial contract between it and the data processor obliges the data processor to store the data in accordance with data protection legislation – (subject to any additional practical requirements).

The data processor has an independent obligation to process (including to store/archive) the documents in accordance with data protection legislation. The data processor also has a contractual obligation to comply with the data controller’s instructions under the contract between it and the data controller.

The data controller must have unrestricted access to the records subject to (if necessary) the data processor first checking the identity of the individual making the request on behalf of the data controller. In the case of electronic record keeping this would be achieved by password authentication.

Refer to www.verifi-eidos.co.uk for product information.

Related Posts

Incentive
ABM
Colliers International
Gerald Eve
Vail Williams
Avison Young
Lambert Smith Hampton
Ashdown Phillips
Savills
CBRE
Bidvest Noonan
Helix
JLL
Metrus
Cushman & Wakefield
JSS
Knight Frank
Iss

Providing GDPR Data Compliance Support & Software since 1998 to over 700 commercial premises throughout the UK to the benefit of Landlords and Managing Agents.

Services
Software
Useful Info
Get In Touch

7b Churchill Court,

Palmerston Rd,

Boscombe,

Bournemouth

BH1 4HN

© 2024 All Rights Reserved.

Home
Software
Services
About
Request A Demo
Plans & Pricing
Blog
Contact Us
Call Sales: (020) 3633 0235
sales@verifi-cctv.com
Contact Us

SOFTWARE

eDOB

Replacing your paper based Daily Occurrence Book

Proof of Presence

Solution for generating attendance records

Key & Asset Management

Replaces your paper based records

Visitor Management

Replacement to the traditional paper-based visitor book.

Secure File Sharing

CCTV footage and other data transferred electronically
View All Products

SUPPORT

Software Support

SERVICES

GDPR Compliance Support Service

Helping comply with GDPR relating to the use of surveillance

Evidence Download Service

Downloading evidence off of your security system

CCTV Redaction

Providing GDPR compliant CCTV redaction editing
View All Services

SUPPORT

GDPR Guidance