Published 15th of December 2020
We rely on the use of data in every working day for the smooth running of many business operations. Every piece of data that’s destroyed must be issued with a Certificate of Destruction for GDPR compliance. A data destruction process is paramount to any business because if data isn’t handled currently it can lead to a security breach, which can be extremely costly and detrimental to any organisation.
What is a data destruction certificate?
A certificate of data destruction is an audit document that provides proof that all of your confidential information has been securely destroyed. A certificate of destruction can be provided for both computer hard drives and paper documents.
This is your proof that your business respected all privacy laws, GDPR regulations and took appropriate actions to prevent the leakage of misuse of proprietary company information.
After the shredding process has been completed, your business is required to keep a certificate of destruction.
What is data destruction?
Data destruction is the process of destroying data, whether it’s on hard copy paper documents or on electronic devices. Following the destruction process, the data is completely destroyed so that it’s irretrievable by anyone who later comes into possession of it.
Data destruction and the law
Data protection law applies to any personal data, kept as hard copies or electronic media. The law instructs that any personal data held by a company must be protected against unlawful and/or unauthorised access. This legal requirement extends not only to data on ‘live’ systems but also any that might be held on any old IT equipment which is to be disposed of.
It’s vital that everyone in a business understands what’s sensitive and what isn’t. Confidential documents can be anything from company financial records, employee details, personal information, etc. Under GDPR legislation, businesses must not hold any information longer than required. Once the information is no longer needed it must be securely disposed of.
By choosing a shredding company which operates according to UK law, as well as being in line with your business policies, you can be assured that your compliance is taken care of. Storing shredding certificates will prove that your business is stickling to requirements when being audited.
Different types of data destruction
There are three main types of secure data destruction, where a certificate of destruction is provided for every service.
Secure On-site Shredding
A secure on-site shredding processes must fully comply with the BS EN15713 Secure Destruction of Confidential Material, the standard specified by the BSIA (British Security Industry Association). This is an important accreditation as it provides a specific framework for businesses to follow, to ensure the secure destruction of confidential material. It also directs business towards recycling the shredded material.
Most shredding companies use mobile shredding vehicles that arrive at your premises. These vehicles have the capacity to shred 3,000kg of paper per hour for a fast and efficient service. The shredded material is cross-cut shredded into an unidentifiable product, in line with the current European standard (EN15713).
The destruction process can be witnessed by an appropriate person from the company and carried out by specially trained operatives. The shredded waste is then compacted into the rear compartment of the vehicle, locked and transported to a secure depot, where it will be baled and picked up for recycling. Once all materials have been destroyed, a certificate of destruction is issued.
Secure Off-site Shredding
Off-site shredding is completed at the shredding suppliers secure depot. Many companies allow you to arrange when you’d like your confidential waste to be collected. Giving you options for regular scheduled collections, or a simple one-off collection. Documents will be shredded within 24 hours in a state-of-the-art depot, which is capable of shredding 320 tonnes per day, making it more environmentally friendly and extremely cost effective. Once all materials have been destroyed, a certificate of destruction is provided. The shredded waste is baled and picked up for recycling.
Hard Drive Destruction
All hard drives, whether it’s a working one or not, still contains data that can be recovered. Hard drives can be destroyed off-site or on-site, on a remote shredding vehicle just like paper shredding services.
Cutting edge data destruction technology is used to permanently destroy decommissioned discs, servers and memory drives, making it impossible to reconstruct and recover the data.
Shredall’s data destruction process
The first step in the process is the collection of waste. We can provide lockable bins, data consoles and sealable bags before collection to store your sensitive material. We offer both on-site and off-site shredding for your convenience. All of our members of staff are security vetted, DBS checked, and wear Shredall SDS Group branded uniforms. We are serious about security and ensure that we comply with BS 7858:2012 screening.
Once the shredding is complete, we issue the Certificate of Data Destruction and Waste Transfer Note, which includes the weight and details of the collection, so that you have a complete audit trail. These certificates must be kept on file for 6 years.
The waste is then baled at our depot and sent to a recycling centre to be turned into tissue-based products. We are dedicated to recycling and are proud to recycle 100% of our paper waste.
With the rise in legislation surrounding data protection, it has never been more important to dispose of personal data safely and securely. Shredall SDS Group will ensure that your waste disposal process is secure every step of the way. Contact our team to discuss the best shredding services for your business.