Published 26th of September 2019

What is Data Protection principle seven and what does it mean for you?

The data protection act sets out the 1998 Data Protection Act's eight principles of data protection; how UK businesses should ensure confidential data is gathered, stored and used correctly. The principles explain how personal data should be obtained and processed fairly and lawfully, that only the correct data should be used, and that all data should be accurate.

Principle Seven of the data security act: “Processed In a manner that ensures appropriate security of personal data, including protection against unauthorised and unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.” All eight principles can be found on the ISO website.

What does this mean?

The above principle deals exclusively with your data security and basically means that organisations must do what they can to stop data falling into the wrong hands. Your organisation must ensure that all the appropriate measures are in place to secure any confidential data you hold. This could be protection from internal threats such as unauthorised use, accidental loss or damage, as well as external threats such as phishing or theft.

Not keeping on top of your information security could jeopardise your systems and services as well as causing distress to employees and financial implications to the business. Every organisation holds different data and has different processes, which means each business needs to implement its own approach to information security. Shredall SDS Group recommends considering who in your organisation will take responsibility for security issues and making a contingency plan for how you’ll react if your security is breached.

It’s important to remember to keep your ‘live’ data safe but equally it’s fundamental to safeguard data that has fulfilled its purpose. This can be data that needs archiving or data that can be destroyed. Principle Five of the Data Protection Act, states that personal data must be disposed of when no longer needed. Look at your data and figure out what confidential data you no longer require and which you need to keep secure.

How we can help

The eight principles cover every aspect of data destruction, from security to accuracy and storage of your data. We can help protect your data against ‘accidental loss’, we can guarantee that your data gets collected and destroyed in compliant with GDPR regulations. We issue a Certificate of Destruction with every service and we meet European Standards BS EN 15713:2009 for security shredding and BS 7858 for staff vetting.

It’s easy to think that confidential data is just on paper but there’s more data stored on a hard drive and other digital devices. Shredding is the best way to dispose of digital data, simply recycling or throwing a hard drive away doesn’t guarantee that the data can’t be recovered in the future. The most secure way to dispose confidential data whether it’s on paper, old hard drives, data tapes, CDs, branded products or uniforms is to physically destroy them and that is where we can help.