With the General Data Protection Regulation (GDPR) now being enforced across the UK, any business which processes and stores confidential data will need to put stricter measures in place to avoid potential breaches. If not, they could face fines of up to £17m, or 4% of their global turnover.
However, studies have shown that many businesses are unprepared for potential data breaches, having unsatisfactory data security policies. A recent study published just days before the GDPR came into place found that 43% of UK office workers don’t believe that all data is secure, with an additional 59% of employees admitting that they have been given no training to deal with the government’s new requirements. This clearly paints a worrying picture, and one that we should all address. As experts in document security, the Shredall SDS Group would like to debunk the most common data security misconceptions.
1. Only the largest businesses are at risk of a data breach
The media is always awash with news stories of the biggest giants in business suffering data breaches, with Yahoo, eBay and Uber all falling victim to data leaks with disastrous consequences for their reputation in recent years. SMEs might thus be forgiven for thinking that, given their relatively smaller size, they do not run the same risk of sensitive data falling into the wrong hands. However, this belief often leads to lazy in-house procedures, leaving the door open for cyberattacks or for documents to go missing.
A recent study published by the European Union Agency for Network and Information Security (ENISA) found that 61% of breaches affected organisations with fewer than 1,000 employees. All the more worrying, then, that only 45% of SMEs have procedures in place to handle confidential documents.
These statistics demonstrate that, contrary to popular belief, small and medium-sized businesses should feel especially under pressure to develop procedures and training schemes that mitigate the risk of a data breach. These companies need to put procedures into place that comply with GDPR requirements. One route to take would be a clean desk policy, which limits the possibilities of external parties seeing sensitive documents. Alternatively, businesses should look into a more effective document retention policy, whereby they follow stricter guidelines of how and for how long information should be stored.
2. It's enough to throw old documents away
Many businesses falsely believe that simply throwing their documents away is enough to avoid private information being leaked. CEOs might ask: “Is it not already enough that old documents are taken to the landfill?” The answer: no, definitely not.
Simply leaving employees to throw away paper documents with private information, like bank details or national insurance numbers, means that documents could easily become lost or, worse, stolen. Bins are often easily accessible, meaning that criminals could discover key information and personal data that would open a company and its clients up to fraud. A report published by the ICO in 2016 showed that 40% of data security incidents were related to paperwork.
Companies therefore need to ensure that their paper documents are safely destroyed, putting a comprehensive shredding policy into place. At the Shredall SDS Group our state-of-the-art Vecoplan machines destroy both paper documents and hard drives in line with the new GDPR requirements, reducing them to extremely fine pieces to eliminate the risk of documents being reassembled. The shredded waste is then compacted, locked and transported to our depot for recycling.
3. An office shredder is sufficient protection
A common misconception is that shredding in-house is the only way of assuring that documents are disposed of in line with the new GDPR requirements. For true peace of mind, many assume that using an office shredder is the best way forward, giving the company complete control over its documents.
However, in the majority of cases this assumption is unfounded and has potentially disastrous consequences. Many businesses rely heavily on manual shredders, which are not only time-consuming, thus discouraging employees from using them, but also rather ineffective; an ordinary shredder will only produce strips that could easily be put back together.
Outsourcing your shredding is the most convenient and safe way of disposing of sensitive information. Shredding companies like Shredall use state-of-the-art machines that cross-cut paper documents, making data no longer visible. We can also come to your office and shred on site, giving you peace of mind. We will also supply you with a Certificate of Destruction, which documents the time and date of disposal to allow your business to demonstrate GDPR compliance.
Common data security misconceptions pose potentially disastrous consequences for small and large businesses alike. Not only do businesses need to shred their documents rather than simply throwing them away, they need to ensure that the procedures they put in place are up to scratch. We at the Shredall SDS Group want to use our expertise to help organisations in their endeavour to protect both themselves and their customers from damaging data breaches.
Take the first step today by reaching out to us.