The GDPR sets out seven principles for the lawful processing of personal data. Some examples of processing data include collection, organisation, storage, alteration, restriction, erasure or destruction of personal data.
Shredall SDS Group provide a secure data destruction service, whether it’s paper documents, hard drives or branded products. This ensures that all data is processed and stored in regulation with the 7 GDPR principles.
1. Lawfulness, fairness and transparency
The first principle emphasises transparency, when collecting the data, it must be made clear why the data is being collected and how the data will be used. The collection, processing and disclosure of data must all be done in accordance with the law. That includes data collection, data storing and data processing.
At Shredall SDS Group, we’re experts in data protection and management. We are able to help you organise your document for document storage by indexing each file, keeping all data transparent and easy to retrieve.
2. Purpose limitation
Organisations must have a specific and legitimate reason for collecting and processing personal information. You must inform your clients about the purpose of the data collected and only use the data for those purposes. Under GDPR, clients must consent to the use of their personal data and must be able to easily withdraw consent whenever they want.
3. Data Minimisation
Under GDPR, data must be “adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.” This means that organisations should only store the minimum amount of data required for their purpose.
Shredall SDS Group is able to securely shred any unnecessary data held by organisations with a Certificate of Destruction to prove the data has been destroyed.
4. Accuracy
Personal data must be accurate and kept up to date. It’s important that old data is securely disposed of immediately. Keeping onto of your data is essential, regularly reviewing information held about individuals and delete or amend inaccurate information.
Shredall SDS Group provides an on-site or off-site shredding service, which can be shredded on an ad-hoc or scheduled basis. To ensure data is regularly deleted and cleansed, making accurate at all times. Documents can be stored off-site with a date of destruction at the end of its lifecycle to safeguard the accuracy of your information.
5. Storage limitations
Once you no longer need personal data for the purpose of which it was attained, it should be deleted or destroyed unless there is a reason for retaining it. A retention period would need to be set for all personal data you collect and a justification for the date set.
Our national secure document storage helps you make space and saves valuable time looking for documents. We can help you keep records safe and easy to access and once you no longer need your documents, we can dispose of them by using our shredding service.
6. Integrity and confidentiality
The security of your data is paramount. Your organisation must ensure that all the appropriate measures are in place to secure the personal data you hold. This could be protection from internal threats such as unauthorised use, accidental loss or damage, as well as external threats such as phishing or theft.
Businesses should consider working forwards gaining official certification such as ISO 27001 to prove your commitment to cyber security. Data theft can occur both online and offline. Archiving your files off-site in a secure facility can be increase your security rather than leaving your files in a filing cabinet in the office for anyone to access.
Shredall SDS Group’s state-of-the-art facility has 24-hour CCTV security with fire protection and flood resistant features to ensure all documents maintain the highest level of security. Documents that are stored in our secure facility can be indexed, providing a full inventory of documents and a full audit trail. Every business will know exactly where their file is at all times.
7. Accountability
The final principle, states that organisations must take responsibility for the data they hold and demonstrate compliance with the previous principles. This requires a thorough documentation of all policies that govern the collection and procession of data. To ensure compliance, businesses must be sure that every step within the GDPR strategy is auditable and can be complied as evidence efficiently.
Shredall SDS Group meets the highest standards of compliance ensuring all clients are in safe hands. As well as investing heavily in mandatory initiatives, we also work with our clients across various sectors to understand the specific demands of their industry.
We can work together to help you comply with the seven GDPR principles – get in touch today.
