Under GDPR, defining and managing processes around personal data protection and compliance is compulsory, with heavy fines in place for those who are not compliant.
What is GDPR?
GDPR has replaced the Data Protection Act, legislation that had been in force since 1998 to control the way information is handled and to give legal rights to people who have information stored about them.
GDPR specifies that personal information must be securely deleted once it is no longer required for the purpose for which it was originally obtained. Organisations must, therefore, ensure that confidentiality and compliance are maintained to the very end.
GDPR is an EU directive, affecting all businesses within the EU and UK. GDPR also applies to businesses outside these areas that carry EU and UK data. For the UK, GDPR will continue to apply after the withdrawal from the EU.
Higher penalties for non-compliance
Businesses face substantial fines and penalties mandated by GDPR for non-compliance with the regulation. There are two tiers of fines: up to £10 million or 2% of annual global turnover (revenue) of the previous year, whichever is higher, and up to £20 million or 4% of annual global turnover, whichever is greater.
Security Solutions for GDPR Compliance
GDPR has made crucial changes to the way in which you store and access your files. With shorter timescales for subject access requests, stricter requirements for storing data and harsher punishments for data breaches, it's vital that you know exactly where each and every record you hold is stored to ensure compliance and enable fast, secure retrieval.
With loss and theft of paperwork, insecure file storage, improper disposal, and data sent to the wrong recipient recorded by the ICO as some of the biggest data breach risks, it's clear that the secure storage, access and destruction of documents are key areas to confront.
Shredall SDS Group is fully compliant with the GDPR standard, and we want to ensure that our customers are too. We recommend that businesses review their existing information management processes, including how their sensitive information is stored and disposed of.
What will your business need to do?
We recommend that businesses review the way their sensitive information is destroyed after use. Robust policies will need to be put into place, and many businesses may find that outsourcing these measures will be a secure and cost-effective solution. However, it is understandable that some businesses would prefer to have their shredding completed on site for added reassurance.
Nevertheless, the GDPR regulation requires proof that all confidential documents are destroyed, which the average office shredder doesn't provide. For GDPR compliance, a Certificate of Destruction will document essential shredding information to ensure secure disposal of sensitive data.
Our professional shredding services conform to the strict standards of BS EN 15713 Secure Destruction of Confidential Material, which means that we dispose of confidential waste in a secure, controlled manner and that our process is regulated by continual external audits to minimise risk.