Is your business GDPR compliant? Let us help you get there…

When it comes to making their businesses GDPR compliant, many people think about cybersecurity.

However, they should also be thinking about the security of their confidential waste to ensure they don’t fall foul of the General Data Protection Regulation.

To be fully GDPR compliant, they need to be shredding their waste securely.


What are your business’s duties under GDPR?

  • You have to appoint a data controller.
  • You must know what confidential data you hold and how it is held.
  • This data includes names, addresses, bank details, credit card numbers, national insurance numbers, email addresses, and, for the first time, IP addresses.
  • You have to let people know how long you will hold their data and for what purpose.
  • You must allow anyone, a client, supplier, or member of the public to ask what data is held about them and provide them with answers.
  • You have to allow people the right to have their data corrected. Some may also request the deletion and you’ll need to have a legal basis for continuing to hold it.
  • You must inform the authorities of any data breach within 72 hours and, in more serious cases where there is a high risk, inform the parties affected directly.
  • You need to have data security systems in place which, if there is a breach, may be investigated by the Information Commissioner’s Office.
  • If your business is found to have breached GDPR, you could face a substantial fine. The maximum is 4% of worldwide annual turnover or 20 million Euros, whichever is higher.


How does all this affect your business’s confidential waste shredding regime?

Any old documentation which contains confidential data must be destroyed securely to ensure it doesn’t fall into the wrong hands or land your business with a hefty fine.

Discarded confidential waste paperwork is also still one of the main ways hackers and identity thieves use to gain access to your systems.

Dealing with old hard drives, smartphone SIM cards, and other removable media is also hugely important as they contain so much data. They, too, should be shredded.

It’s vital that you have an audit trail for your confidential data to prove your business is handling it responsibly.

That means getting certificates of destruction for each load and ensuring your old paperwork is shredded to tiny pieces before being sent for recycling. It also means using a provider with vetted staff, secure sites, and vehicles tracked by satellites.

Why is this audit trail important? If there is an ICO investigation it means you can show that your business takes data security seriously and did the right things. It could prove a breach occurred elsewhere or reduce the size of any fine if a breach did happen at your business.


Why choose On Time Shred to help you become GDPR-compliant?

  • We operate to the standards set by BSI for quality, environmental protection, health and safety, information security and document destruction.
  • We’re ICO accredited and our staff are vetted to BS-7858 and have CRB checks.
  • Our vehicles have GPS tracking and our secure shredding sites have 24-hour CCTV.
  • We also offer shredding at your site so your confidential waste doesn’t have to leave your premises for recycling until it is shredded.
  • We have the capacity to shred documents to dust particle size.


Need our help to become GDPR compliant? Call our On-Time Shred experts on 0333 251 2349.