Business shredding – 7 things companies might forget to shred

Most businesses today understand the importance of keeping data secure either digitally or on paper. GDPR guidelines through the Data Protection Act 2018 control how personal information is used by organisations, businesses or the government – so business shredding is more important than ever.

Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:

• used fairly, lawfully and transparently
• used for specified, explicit purposes
• used in a way that is adequate, relevant and limited to only what is necessary
• accurate and, where necessary, kept up to date
• kept for no longer than is necessary
• handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.

Whilst many businesses understand the necessity of secure paper shredding certain data, there are still some types of information that might get overlooked. Below is a list of some of the records your organisation might have missed.

1. Marketing and research information – This could contain sensitive information about your business, progress, future strategy or your competition. Any unnecessary paper copies need to be shredded.
2. Receipts – These might include part of your account or card numbers and the organisations you do business with.
3. Job submissions & CVs – Unsuccessful applications, that have no need to be kept on file (for future reference/possible employment for example) need to be shredded as they contain personal information.
4. Out of date service contracts – Scammers are great at impersonating legitimate service providers. Accessing old contracts and ways of working can help them build a more convincing picture. Plus, once a contract is out of date the personal information needs to be shredded – unless of course you have good reason to hold on to it under the GDPR guidelines.
5. Old bank statements & credit card bills – Financial information that is out of date should always be shredded.
6. Old utility bills – Bills hold your account information, which, in the wrong hands could cause harm to your business.
7. Old personnel files – When you employ someone, you are entrusted with personal information about them. It makes sense to keep certain accounts of past employees and there are HR guidelines about the length of time a company must keep records about things like salary and pensions information, accident or grievance records and income tax. However, once the individual timescales for holding such records are met, it is important that this kind of sensitive, personal information is disposed of.

For full information about GDPR visit the Information Commissioner’s Office at https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/

There is also clear information about the Data Protection Act on the government website https://www.gov.uk/data-protection

We hope you have found this quick rundown helpful. If you would like to discuss the shredding services we can offer your business, please contact 01934 900525, email info@yeates.co.uk or visit https://www.yeates.co.uk/shredding/