The General Data Protection Regulation (GDPR) is a topic on everybody’s lips. When 25th May strikes, so does a law that will change the way businesses handle sensitive data – but how does this relate to shredding? Does it even matter?
At Yeates, we’ve compiled all you need to know about shredding for GDPR compliance – helping you to get prepared for handling and destroying sensitive paper records in the correct way.
Let’s re-cap on GDPR expectations
Once here, GDPR will strengthen data protection by introducing tougher requirements on how businesses and local authorities collect, process, store and delete or destroy confidential information on customers, employees, suppliers, and in fact – anyone they have dealings with.
Paper records and GDPR compliance
Becoming GDPR compliant goes beyond setting up procedures for electronic storage and email marketing systems. Don’t forget the information you hold outside of the digital realm; we’re talking about hardcopy documents and confidential paper records.
Let’s understand it from a legislative perspective… If you fail to ensure the correct procedures are taken to secure and destroy sensitive paperwork in the right way, you pose a high risk to your business. This is because under the GDPR you are liable if a data breach leads to an individual’s information being stolen.
Shredding paper documents will mean that your organisation is able to dispose of data securely, preventing access by third parties. The shredding process needs to leave documents entirely unrecoverable. Careful paper disposal is, therefore, a key component of data security, protecting your business and the sensitive information it holds.
How to adopt GDPR compliant shredding
Auditing your data handling processes is the first place to start. This needs to include looking at how long you need to retain paper records and how they are destroyed. We’d recommend reviewing your data destruction policy, refining it where needed and communicating it to all employees.
Should you be audited, it’s likely auditors would look at your information asset registers, retention schedules and destruction records and certificates. The best way to ensure that the destruction of paperwork is compliant with the GDPR is to work with a data destruction specialist with vetted staff such as Yeates.
Shredding firms like us can safely shred your paperwork and confidential materials, providing peace of mind and a Certificate of Destruction for your records. We can also arrange a regular shredding collection to stop you from storing paper records for longer than needed and securely destroying it on your behalf.
To find out more about how our confidential on-site shredding service could help your business call us now on 01275 877900.
Image CC: James West