Absolutely. The GDPR expands explicitly it’s scope beyond electronic information to ensure that data protection law cannot be circumvented by taking advantage of the information held in paper records. For example, a cross-border transfer of paper records to then be converted into electronic records outside of the EU.
This is outlined in Article 2 (1):
“This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.”
When considering how to achieve compliance with data protection regulations, it is common to fall into the trap of only thinking about your electronic records (we can help with that too), but what potentially non-compliant information do you have hidden in your paper records? For instance, under the GDPR, how would you respond to a data subject’s Right to be Forgotten if you aren’t sure what you really hold on them? We can help you answer these questions and have the solutions to deliver the results you need.
Ready to get started or would like more information?