Why Physical Security Is Important for GDPR Compliance

There’s more to GDPR than cybersecurity. Here’s how to protect your client’s data using physical security.

Think General Data Protection Regulation (GDPR) does not apply to businesses that do not offer goods or services to EU consumers or process personal EU data? Think again, and keep reading.

Many businesses have spent a great deal of money attempting to become compliant with GDPR. This could include everything from hiring consultants, and improving their cybersecurity, to making changes to internal infrastructure.

Two reasons for this is the need to keep personal data protected, and the heavy fines that businesses can face if they don’t take appropriate steps to do so.

Under the rules of the GDPR, the Information Commissioner’s Office (ICO) has the power to fine companies up to 4% of their annual global earnings, so businesses have a deal of incentive to be in full compliance with the regulations.

But it should be pointed out that the GDPR covers the theft of all forms personal data including both information stored on IT systems and physical copies.

Putting a great of investment in cybersecurity is an important aspect of complying with the GPDR, but if a company isn’t also investing in its physical security it could find itself in a difficult situation.

Why Physical Measures are Important to GDPR

Data breaches are constantly making headlines — and it is almost exclusively due to hackers and cyber criminals taking advantage of businesses or embarrassing mistakes resulting in unintended data disclosure. So, you might be surprised to learn that physical loss and portable devices account for a large number of data breaches every year.

It can be easy to assume that if a client needs to protect personal data, they need to invest in high quality cybersecurity services to prevent the possibility of attacks using phishing, malware or other online tactics.

In fact, one must make physical security a priority too. Remember that criminals will go to any length to gain something that is of value. If an organisation holds physical copies of private data, then they could be at risk.

It should also be noted that hackers can sometimes use physical access to gain entry into an IT system. This could come through methods such as inserting a USB stick that contains malware. This can then infect the IT system from within. This is a cybercrime, but it originates from a physical attack on property.

What Steps Can a Business Take?

Here’s where security integrators can step in. If a potential client wants to take steps to improve their physical security, let them know there are a number of options. The best choice for each prospective client will depend on the needs and requirements of their business and premises. Some key physical security measures include:

  • Cameras – Video surveillance can act both as detection technology as well as a deterrent.
  • Access Control – Almost all businesses have a front door that can be locked, but what about internal doors? It can be an extremely good idea to invest in internal access control so even if individuals can gain access to one part of the building, they cannot get far.
  • Gates – It is also important to consider access to your client’s site as a whole. Security gates can offer an imposing boundary that can stop criminals from considering their business as a target.
  • Barriers – One aspect of physical entry that business sometimes forget is vehicle access. Remember that if criminals are entering the premises to steal files and information, they will want to have access to a vehicle to escape. Make sure that entry points to a carpark or the surrounding area either have gates or use security barriers to keep them out.

 Is It Time to Move Documentation to the Cloud?

Something worth considering not just for your clients but yourself is whether now is the right time to reduce the risk of physical document theft even further by digitizing your files.

Don’t worry, this doesn’t mean manually scanning your whole library of documents yourself. Specialist scanning services can do the job for you extremely quickly.

These documents can then be stored on the Cloud, ensuring that there are no physical copies that could fall into the wrong hands.


Mike James is a Brighton-based writer specializing in security, cybersecurity and the potential threats to business malicious attacks can pose. Having worked in various guises of information technology over the years, he now enjoys writing for a range of magazine and internet publications on these subjects. He wished to give a special thanks to security-barriers specialist Maltaward, who were consulted over the information used to write this article. 

Security Is Our Business, Too

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.

A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!

Subscribe Today!

Leave a Reply

Your email address will not be published. Required fields are marked *

Get Our Newsletters