GDPR (General Data Protection Regulation) came in with a bang and many people were left lost and confused with what they were and were not allowed to do anymore. One area that this massively affected was the management processes around personal data protection; compliance is compulsory and there are some hefty penalties in place for those who do not comply.
For those not familiar with GDPR, this is what replaced the Data Protection Act that was in place from 1998 onwards. GDPR was put in place primarily to allow people to have the control that they deserve over their own personal data, giving those who have had their information stored by third party’s legal rights over it.
GDPR specifically states that any personal information stored must be securely deleted once it’s no longer required for the purpose that it was obtained for. This means that organisations must ensure that confidentiality and compliance are maintained from the start (when and how you obtain the information) right until the very end (when you correctly dispose of the information when it’s no longer needed).
Contrary to a few miscommunications floating around, although GDPR is an EU directive, meaning that it affects all businesses within both the EU and UK, GDPR also applies to any businesses outside these areas who carry EU and UK data. Furthermore, once the pending withdrawal from the EU is complete, the UK will still have to remain GDPR compliant.
Because of all of this, it’s recommended that businesses seriously review their existing management processes for the data that they’re storing and/or disposing of.
One of the key ways that businesses fall short is in their disposal methods. Destroying their sensitive information is absolutely vital when it comes to GDPR and something as simple as keeping on top of your paper shredding can really make a massive difference.
Although many companies take the traditional method of just buying a paper shredder, choosing to keep it in the office and delegate this task to a specific employee. In reality it can actually be incredibly cost-effective to outsource this process to a third party; additionally ensuring that there’s no room for human error and the process is completely secure.
Shredding is the absolute minimum that must be done when disposing of any documents that are no longer necessary in order to be compliant with the law. But, something that’s often overlooked with standard office shredders is that a lot of the time they only cut into vertical strips, which, for a person with a bit of patience, can be stuck back together.
There’s some good news, however, if you’re all set on taking care of your paper shredding on-site, there are industry-standard shredding machines that don’t just cut vertically and can deal with 6000kgs of paper per hour which renders any document completely illegible. Plus there are companies available that will take care of the issue for you; one example is On Time Shred Paper Shredding Services.
So, with all this in mind? Are your current processes completely compliant with GDPR? If not, we hope that this article has helped to identify the points that you need to address and now you’ll not only know what you need to do but understand why it’s important.