Discover GDPR’s impact on document retention and learn about secure shredding practices and compliance tools for businesses. The European General Data Protection Regulation (GDPR), enacted on May 25, 2018, has brought about significant changes in how businesses manage personal data, extending its jurisdiction from public authorities to small and medium-sized enterprises. Stringent rules for the processing of personal data, covering information such as names, addresses, email addresses, and social security numbers, means that organisations of all sizes need to ensure they implement best practices when it comes to processing data. Not only is there a moral obligation, but non-compliance could result in fines of up to 4% of global turnover or €20 million, emphasising the critical need for businesses to prioritise data protection.
GDPR and Document Retention: Best Practices for Paper Records
To align with GDPR, businesses must extend their data protection policies to encompass paper documents. Whether stored electronically or as hard copies, organisations need to implement technical and organisational measures to ensure secure data processing. Key considerations for paper documents under GDPR include:
- Secure Destruction: Documents containing data no longer needed must be securely destroyed through methods such as shredding.
- Organised Storage: Documents that need retention should be stored in a manner that allows easy traceability and accessibility when required.
- Access Control: Sensitive documents require storage in locked cabinets, with restricted access limited to authorised personnel.
- Inclusion of Remote Workers: Policies should encompass temporary and remote workers, outlining procedures for protecting documents and data in their possession.
The Data Protection Principles
Every data protection strategy should respect the principles that data shall be:
- Processed lawfully, fairly and in a transparent way
- Collected for specific, explicit, and legitimate purposes, and not subsequently processed in a way that goes against those purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and up-to-date. Inaccuracies should be processed, erased, and rectified
- Kept for no longer than is necessary
- Processed securely
The Rules & Tools of Compliance
- Article 6: Lawfulness of processing
- This article governs how data is processed and who sees it and for what purpose.
- If you’re in a busy or public environment, a privacy screen prevents prying eyes from reading your screens.
- Article 5(1): Data Protection Principles
- The six data principles highlighted above, ensure the data is kept no longer than is necessary and that it is destroyed properly and securely.
- Shredders are an essential part of any data protection plan, providing secure and proper destruction of documents.
- Articles 5(1)e and 89: Archived Materials
- Personal data may be stored longer solely for archiving purposes in the public interest, scientific or historical research or statistics, provided appropriate protections are in place.
- Bankers Box Records Storage Solutions can be stored in a secure cabinet to ensure compliance with GDRP
We’ve seen that a core principle of GDPR is that data must not be kept any longer than is necessary and is disposed of securely. Below we’ll investigate why shredding is so important to complying with GDPR.
Secure Shredding and GDPR: What You Need to Know
It’s not secure until it’s shredded!
Every organisation has a legal responsibility to safeguard sensitive information and dispose of confidential material securely. The organisation is also responsible for any confidential material that’s taken outside its premises by any of its employees. This includes both hard-copy documents and anything that can be viewed on a computer, laptop or mobile device.
Despite increased awareness of identity fraud over the last few years, crime is still growing at an alarming rate in the UK. And, because we deal with so many pieces of information on a daily basis, we’re all at risk – individuals and organisations alike. A discarded bank statement, a snippet of payroll information or a crumpled customer proposal could be all a criminal needs to cause irreparable damage to you and your business
In the latest Keep It Confidential Report, we looked at shredding in a hybrid working world, showing just how far we must go when it comes to handling sensitive documents.
- 51% believe that hybrid working may have increased the amount of sensitive information being lost or in breach of GDPR rules
- 46% have seen people leave confidential work-related documents unattended
- One in four say they do not follow their organisation’s GDPR policy, do not know of one, or cannot remember the details.
- 70% of all respondents have either taken printed work documents home, printed documents at home, or both.
- Of these, 47% say they do not shred these documents once they are no longer needed.
These results should be cause for concern, with organisations needing to do more to implement better shredding practices. Download the complete Keep It Confidential Report to learn how your organisation can implement stronger GDPR-compliant procedures, from shredding to GDPR training, today.
Three Tips for Better Shredding Practices
Secure shredding is key to keeping confidential paperwork out of the wrong hands and reducing organisational exposure to data breaches. Using a shredder to safely destroy confidential paperwork should be part of our daily routine, wherever we work.
- Don’t assume everyone understands GDPR. Educate all employees on GDPR requirements, personal data handling and the six principles of data protection. This training should be given to all new starters, whenever legislation is updated, and as part of regular data security refresher sessions.
- Shred all sensitive paperwork before recycling or disposing of it, ideally without needing to take the risk of transporting it from home to the office, or vice versa.
- Give all employees easy access to a secure shredder at home and at work to ensure GDPR compliance wherever your team might work.
It’s clear that shredding is the best way to securely destroy confidential documents, protecting sensitive business information and personal identities.
Take action to protect your business today. Visit the Staples website, to find the shredder that is most suitable for you.