How could confidential shredding ensure my business has a future?
Confidential shredding a business life-saver? Really…?
Yes, we say it is. The first year of the General Data Protection Regulation (GDPR) has shown that businesses that don’t treat data protection seriously now face substantial fines – up to 4% of their annual turnover or €20 million in the most serious cases.
Protecting data through strong cybersecurity and confidential shredding of documents is now vital.
It’s also going to get even more important in the coming months and years.
The Information Commissioner, Elizabeth Denham, is warning that in its second year, compliance with the basics of GDPR won’t be enough. Organisations will need to show how they are accountable for data protection.
Ms Denham wrote in her blog: “The focus for the second year of the GDPR must be beyond baseline compliance – organisations need to shift their focus to accountability with a real evidenced understanding of the risks to individuals in the way they process data and how those risks should be mitigated.”
One of the key ways businesses will show they are accountable is to ensure they understand the need to have a robust process in place to deal with confidential waste.
How can confidential shredding prevent a data breach?
Documents can contain so much information which could be used to compromise your business’s security.
Passwords can be written down, staff rotas can highlight when your site will be empty, and email addresses could be targeted by phishing.
Ironically, old-fashioned paper could compromise your online security and provide a rich source of information for hackers.
Documents can also contain confidential and sensitive information such as staff or customer bank details, credit card details, names, addresses, emails, and phone numbers. Don’t forget that IP addresses are also now covered by the new GDPR rules.
If they are stolen or lost, you will have to report a potential data breach to the authorities and, in the most serious cases, to the people involved.
If your confidential documents are shredded securely, you avoid a potential fine and the reputational damage of having to report breaches under GDPR.
What should you have in place?
- A Data Protection Officer to oversee your policies and practices. This is a stipulation of GDPR.
- A written confidential shredding policy – naming your shredding company and the steps they take to ensure security, such as having vetted staff and having relevant accreditations.
- Certificates of destruction for all of your documents.
- The ability to create a simple audit trail for your confidential waste documents.
- A written strategy to deal with old hard drives and removable media such as USB drives which could contain confidential information.
- A process for communicating all of this to staff.
- A method for checking your staff are complying with your policies.
Having this process will help you if there is an investigation and could reduce a potential fine if something does go wrong.
How does our confidential shredding work?
You choose whether to shred at your site or to send your material via our secure vehicles and vetted staff to our secure shredding facility.
The documents, hard drives, or media are shredded and you get a certificate of destruction for each consignment.
The shredded waste is taken to a UK recycling plant.
Your staff have the time to concentrate on delivering for your clients and you get a cost-effective service.