It may be a year now since the GDPR was first introduced, but this regulation is just as relevant now as it was then. Perhaps even more so, particularly when it comes to paper-based data. Although many people assume that the GDPR only requires businesses to deal differently with digital data, in fact its requirements need to be applied to the risks around physical data too. ICO research indicates that 19% of security incidents are attributable to data being physically sent to the wrong recipient, for example, while 14% of these incidents result from paper being lost or stolen. In fact, according to the ICO, paperwork presents nearly 50% of the risk when it comes to data security. In order to achieve compliance with GDPR requirements to mitigate risk, a strong Paper Shredding Security Policy is necessary.
Choosing a professional shredding service
You may already be shredding documents internally, whether on an organised or ad hoc basis. There are a number of issues that can arise with this when it comes to staying GDPR compliant.
- Quality of shredding. Many office shredders are strip-cut and these can allow for document reconstruction. They simply don’t provide a comprehensive enough level of destruction to be GDPR compliant.
- Security before shredding. Particularly if you don’t already have a Paper Shredding Security Policy in place, documents may simply sit around accessibly until someone decides to shred them. This presents a significant security risk and means that document handling is not traceable.
- Frequency of shredding. Many businesses simply shred documents ‘as and when required’, which means that there is no regular schedule for destruction and no way of ensuring that a build-up of sensitive material doesn’t occur.
Staying GDPR compliant with a Paper Shredding Security Policy
- Work with a professional shredding service that provides locked bins for paper documents to ensure that data is secure even before it has been shredded.
- Write into your Paper Shredding Security Policy a requirement to dispose of documents in these bins as soon as they are no longer being used, so that staff know not to leave documents lying around. Make sure the policy includes details of the risks to the business if documents aren’t properly disposed of.
- Choose an on-site shredding service to minimise the security risk to your business. A professional on-site shredding service means that you don’t have to worry about what might happen to documents in transit.
- Don’t rely on a recycling bin. Unshredded documents can be read by anyone and the data in them stolen or copied. The only way to ensure optimum security – and GDPR compliance – is with a professional shredding service. You can still fulfil your eco goals this way too, as shredded documents are much easier and simpler to recycle and your shredding partner can handle that part of the process.
The fines for non-compliance with the GDPR are substantial and simply not worth the risk. The foundation of any sound Paper Shredding Security Policy is working with a professional shredding partner to minimise the potential security – and compliance – concerns for your organisation.