If you get a request for a digital copy of a person's data, you can extract this in the Client Reporting screen.
If you want to download a copy of all information you have about a person, you can do this using the new Print Profile download facility.
Download selected Client data
9. Audit Trail
Under GDPR, you need to be able to answer the following questions:
“Who accessed or changed data within our systems?”
“When was the data accessed or when was it changed?”
“When did a specific user last access the system?”
Section 2 of the regulations deals with the Security of personal data
There is an audit trail running in MindaClient, and this tracks all changes by users. It records:
- The person who added the record
- The value before the change was made
- The person who made the change
- The date and time of the change
- The new value of the data
- When a user accessed MindaClient
- Changes to dropdown lists
If you wish to view the full audit trail for a client, you can select which area you wish to print the audit for, or you can select to print all changes.
Article 32 of the GDPR regulations deals with the Security of processing
Article 32 states that the controller shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
The following is a summary of the security steps that MindaClient has undertaken.
All data transferred to and from our websites is encrypted via HTTPS using strong SHA-256 bit encryption. Similarly, all backups between servers are made using SHA-256 bit encryption.
Constant Backup
A full backup of the MindaClient server is made every hour using a secure SSH encrypted connection between servers. This is done using an automated and dedicated backup service located within the Irish Republic.
Our MindaClient server has a hardware firewall at datacentre level, and in addition there is a software firewall on each machine. Access over all ports is fully restricted based on the need to access, and when access is allowed, this is further restricted based on IP address.
Our MindaClient server is mirrored in real time to a failover server on the AWS cloud (Dublin). In the unlikely event of a disruption to service on our primary server, we have an IP switching service in place that will allow us to simply failover to the secondary machine.
All passwords are hashed. In the event of a breach, none of our users' passwords can be decrypted.
We have implemented a ‘strong password’ policy. When creating a password, users must meet these strong password criteria.
Regular Updating of Passwords
We have an automated facility that allows our clients to turn on the forced updating of their users’ passwords. When a set time period has elapsed, the user will be required to change their password to a new ‘strong’ password.
If a user needs to reset their password, they can make this request on the login page of our website. An email is sent to the registered email account of that user, allowing the user to update their password securely.