Data protection compliance is about to get a whole lot more challenging. In May 2018, the EU General Data Protection Regulation (GDPR) comes into force in the UK, bringing with it a whole raft of new requirements that significantly tighten up data compliance. Destruction of data is a key part of safe data handling, so if you’re taking steps now to ensure compliance for 2018, shredding potentially has a significant role to play.
Why is the GDPR so important?
One of the most talked-about features of the GDPR is the new power it gives the ICO to penalise businesses for a lack of compliance. For example, the fines that could be issued are much higher: €20 million or 4% of a firm's global turnover (whichever is greater). So, failing to comply with the GDPR could be incredibly costly for UK businesses, perhaps even devastating.
How to create better internal compliance processes
1. Make sure everyone knows that change is coming
Part of ensuring compliance across the business is generally raising awareness of the need to be much more careful in the process of data handling. This applies as much to junior staff as to managers. Be clear and unambiguous about the risks to the business if compliance is breached and how staff can help, e.g. by making sure that sensitive documents are placed into locked bins for shredding.
2. Identify each point in the business at which data is handled
Where are you processing data, where is it at risk and who is interacting with it? This will be everything, from transmitting data to the destruction of confidential documents or media. The GDPR is very broad in terms of the type of data that it will catch. This could be ‘personal data’ – any information relating to an identified or identifiable natural person – or ‘sensitive personal data,’ which could be, for example, information relating to ethnic origin, genetic data, sexual orientation etc.
3. Assess the risk to data throughout the organisation
Data destruction is one of the most significant risk points when it comes to GDPR compliance, as there are so many ways in which information destined for destruction could become insecure. An audit review of data destruction policy is essential – how could you better ensure GDPR compliance by reducing the risks involved? Who has access to data and how many hands does it pass through before it is no longer a risk? It’s here that on-site shredding can significantly improve your compliance, as data is kept in locked bins and then destroyed before leaving the premises, reducing the potential for loss or theft.
4. Create a clear and unambiguous data destruction policy
How and where data is destroyed – as well as a clear outline of the risks if a policy is not complied with – need to be effectively communicated to all staff. If you work with Shred-on-Site then all you will need to do is:
- Outline how to dispose of information in the right shredding receptacles
- Make clear that these are locked and there is no access once the document or media is deposited
- State when on-site shredding takes place (with Shred-on-Site you can choose a regular shredding date or a one-off occurrence as and when required)
If you want to upgrade your compliance processes in time for next year, on-site shredding is a simple and fast way to do it. Contact us to find out more.
Author: Mark Coombes