Generally speaking, organisations consider shredding documents as essential. It can be viewed as a core part of their data protection obligations. However, what they don’t realise is that there is often a gulf between standard (perhaps in-house) shredding and professional confidential shredding services.
It’s vital that organisations do recognise this distinct difference. Confidential shredding brings with it assurance, peace of mind, legality and reputational standing.
Shredding (or document destruction) is just one part of meeting your obligations as a data controller under the GDPR. You don’t only need to be concerned with things such as email encryption, digital access rights and how you process (or use) data. You also need to be concerned with how you dispose of data: either because of obsolescence, or a request to do so (usually by the data subject).
Documents for confidential shredding
Organisations operating within a range of sectors have varying documents that call for confidential shredding over standard shredding. However, the need for it is incredibly far-reaching. Let’s take a look at a few different examples:
- Personnel and HR records: Many businesses and organisations hold data (information) on their staff from the recruitment process until the end of the employment life cycle. This data is personal and at times will need to be securely disposed of (for example, when it is no longer needed). Furthermore, some of this data is classed as special category data under the GDPR and therefore comes with additional responsibilities and obligations. Most organisations will need to use confidential shredding for these types of documents, even if they have no other need for confidential shredding.
- Accounting and finance documents: Organisations handling card details, banking data, statements, personal accounts, tax returns and information and more have obligations under GDPR to ensure the secure destruction of such documents. This will also extend to payroll information. This means that businesses and organisations such as retailers, or with an accounting function, or with staff, all need to use confidential shredding.
- Medical information: Organisations which hold health data, for example regarding the medical history or current treatment of an individual must abide by particular clauses within the GDPR. There are special dispensations regarding explicit consent regarding such data, but there is still an obligation that such data is disposed of securely when required.
- Other special category data: A number of other types of special category data must be handled securely. This includes information about an individual’s sex life or orientation, race, ethnicity, religious views, political opinions, and trade union membership. It’s possible to see how a broad range of organisation types from schools, religious bodies, law firms, governmental bodies and more require confidential shredding when disposing of documents containing this data.
The data protection dangers of standard shredding
This still begs the question of why specifically confidential shredding is required – is standard shredding not sufficient?
Standard shredding is fine for some circumstances. However, the complete process is vulnerable to data loss, data theft, and data fraud. At each point in the process, if the documents ‘fall into the wrong hands’ then the organisation itself is culpable. This impacts not only in terms of fines for GDPR non-compliance but also reputational damage which can be incredibly difficult to rectify.
Therefore, additional security steps need to be taken. This is possible through two distinct types of confidential shredding:
- Onsite confidential shredding (sometimes known as mobile paper shredding).
- Offsite confidential shredding.
Both processes are designed to be completely secure methods of document destruction from the point of disposal through to the moment they are recycled. Both processes can rightly be called confidential shredding. Which you choose is a matter of preference. The biggest difference between them is being able to oversee the whole process yourself, versus trusting it to a professional and qualified service such as OnTimeShred. We offer both services.
You can find out more about the two different confidential shredding services here. To explain them briefly:
- Both services use secure lockable bins and cabinets positioned on your site allowing for secure disposal of confidential documents. Your internal processes will need to oversee how and when documents are disposed of, and by whom.
- At this point, the services differ slightly. For offsite confidential shredding, the waste is collected by our secure vehicles and transported to our shredding site, constantly overseen by DBS checked staff. You then receive a certificate of destruction. For onsite shredding, a mobile shredding vehicle attends your site. Again, a DBS checked staff member will shred the documents on site, under your supervision, allowing for a certification of destruction to be issued immediately.
Both services are cost-effective and can be used whenever you need them – either regularly or on a one-off basis.
The question to ask
The vast majority of organisations, under the GDPR, have obligations of ensuring the security of data (both in digital and paper form). Confidential shredding is one part of meeting these objectives. Organisations should, therefore, ask themselves not whether they need confidential shredding, but can their reputation and their bank balance afford not to use confidential shredding.
Find out more about the OnTimeShred confidential shredding service here or by calling 0330 333 1234.