What is a ‘filing system’ under EU data protection law?
The scope of EU data protection law expands beyond information in electronic form to cover non-automated processing of personal data which forms part of, or is intended to form part of, a ‘filing system’.
Article 2 (1) of GDPR states:
“This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.”
By expanding beyond data in electronic form, GDPR prevents situations where data protection law could be by-passed by keeping information in paper form during a particular stage of processing. For example, the rules that apply to cross-border data transfers cannot be by-passed by exporting information in paper form as part of a filing system which then can be transferred into electronic form once outside the borders of the European Union.
Un-structured paper records are outside of the scope of EU data protection law but the line between structured and unstructured filing systems in practice can be blurry.
The ICO has provided some guidance on how to do the analysis (summarized in the graphic below) and has suggested that applying the “temp test” could be helpful.
Under the “temp test”, if a temporary administrative assistant (a ‘temp’) could extract specific information about an individual from manual records without any particular knowledge of the type of work or documents you held, such system would be considered a ‘filing system’.
The ‘temp test’ assumes that a temp is reasonably competent and only requires a short introduction, explanation and/or operating manual on the particular filing system in question before using it
“Temp test” example:
John Smith is your employee. He requests details of leave he took in the last six months. You have a collection of personnel files; these files each hold a single category of information:
(a) If there is a file named “Employees’ Leave” with alphabetical dividers by last name, a temp would have no difficulty in finding the leave record of John Smith behind the “S” divider. This file forms part of a relevant filing system.
(b) If there is a file named “John Smith” with all personnel records for John Smith, a temp would have no difficulty in finding the leave record of John Smith in this file. This is a relevant filing system.
(c) There is a file named “John Smith” in a set of files that contain the leave record of all employees. Details of leave are recorded on standard forms filed in chronological order within the separate files for each employee. A temp would have no difficulty in finding John Smith’s leave record. This is a relevant filing system.
Alternatively you may only maintain one set of manual files for each employee with multiple categories of information, held in alphabetical order using individuals’ names as the file title. If all the information you hold about an individual is simply added to the file in chronological order (whether it relates to his employment record, complaints raised by him, his records as client of your organization, letters received from him, etc.), the set will not be a relevant filing system. A temp would need to plow through all the different categories of information on John Smith’s file to find the specific information needed.