Data Entry Control. Technical and organisational measures regarding recording and monitoring of the circumstances of data entry to enable retroactive review. System inputs are recorded in the form of log files therefore it is possible to review retroactively whether and by whom Personal Data was entered, altered or deleted.
Data Entry Control. We provide the possibility to verify the source of the entered data. Based on the stored history and logs, we can check whether and by whom personal data were entered, modified or deleted in the data processing systems.
Data Entry Control. Auditing and recording of the access transactions performed by Supplier’s employees to Company’s data, using log files, in case of processing on the Supplier’s systems.
Data Entry Control. Verification, whether and by whom personal data is entered into a Data Processing System, is changed or deleted, e.g.: Logging, Document Management A.3 AVAILABILITY AND RESILIENCE (Article 32 Paragraph 1 Point b GDPR)
Data Entry Control. Protection against unauthorised reading, copying, modification or removal within the system is ensured by the following measures. ● Standard authorisation profiles on a "need to know" basis ● Standard process for authorisation assignment ● Logging of accesses ● Secure storage of storage media ● Periodic review of assigned authorisations, especially for administrative user accounts ● Reuse of data media in compliance with data protection requirements ● Disposal of data media no longer required in accordance with data protection requirements ● Separation of internal and guest network ● Automatic logouts ● Clear desk policy (individual lockers) ● Clear-screen policy (sanctions for unlocked screens) ● Standard processes for employee changes/leavings
Data Entry Control. Objective: Identification whether and by whom personal data is entered, altered or removed in data processing systems Existing / implemented measures: • Order related service contracts • Responsibility rules • Process flow organization • Logging functions (input, change) • Document management system
Data Entry Control. There is a possibility to subsequently review and determine whether and by whom personal data was entered into, altered in, or removed from data processing systems. Each Party has implemented the following input control measures on its systems, which are used for processing the personal data or which enable or convey access to such systems:
Data Entry Control. Measures regarding the subsequent review, whether and by whom data were entered, altered or deleted: The aim of the data entry control is to make sure with the help of appropriate measures that the circumstances of the data entry can be reviewed and monitored retroactively. System inputs are recorded in the form of log files. By doing so, it is possible at a later stage to review whether and by whom Personal Data was entered, altered or deleted.
Data Entry Control. If the Processor processes Client Data, the Processor must ensure through record keeping or organizational measures that, at the request of the Controller and also until the Client Data has been deleted, it can be reliably determined at any time, even subsequently, when and by whom what Client Data has been processed (at least by keeping records of the user ID of the persons processing Client Data, of the changed date and the time of the changes).
Data Entry Control. CT implements appropriate measures to monitor whether data have been entered, changed or removed (deleted), and by whom. This is accomplished by: • Documentation of administration activities (user account setup, change management, access and authorisation procedures) • Archiving of password-reset and access requests • System log-files enabled by default • Storage of audit logs for audit trail analysis
