Could your care company afford a large GDPR fine? Time to review the way you destroy sensitive data…

 the way you destroy sensitive dataCare companies do a vital job in looking after people with medical problems, disabilities, and mental illnesses.

They also provide important respite for unpaid carers.

To do those things, they hold a great deal of information on their clients and employees which is personal and confidential.

What sort of confidential information do care companies hold?

  • Client medical details– This information can contain a great deal of sensitive data including medical conditions and treatment, with which GP the patient is registered, details of hospital appointments, and details of disabilities.
  • Visit arrangements for clients– Data could include the timings of visits, how long they will last, whether anyone else visits the clients during the day or night, and who has keys to their homes.
  • Client personal details– Including names, addresses, phone numbers, email addresses, and next of kin details.
  • Employee details– Including names, addresses, phone numbers, national insurance numbers, details of their vehicles, and banking details, and details of any HR or disciplinary matters on file.
  • Staff rotas– Revealing where and when staff will be and how they will get there.

Is your company complying with the new GDPR rules on confidential waste?

Under the General Data Protection Regulation, your care company must safeguard the confidential and sensitive data held on your clients and employees.

Failure to do so can result in large fines – the most serious data breaches could see a company fined up to 4% of its annual turnover or 20 million Euros, whichever is the higher figure.

That means data protection is a vital part of protecting the future of your care business.

Dealing correctly with confidential waste such as old clients files and employee records has never been so important.

What should you do?

  • Your confidential paper waste should be shredded securely to ensure no one can gain access to it.
  • Your old computer hard drives should also be shredded to ensure they don’t fall into the hands of someone who will access the files. Simply deleting them merely erases the directory to find them, and people with computer knowledge will be able to recover your data.
  • Your old removable media such as memory stocks and image cards should also be shredded securely.
  • You should be given certificates of destruction for anything you shred to ensure you can prove where it went, if there is an investigation into a data breach.

Why should your care company choose to work with On Time Shred?

  • We meet the shredding standards set by the Centre for the Protection of National Infrastructure (CPNI)
  • We can destroy more than 10 tonnes of confidential waste every hour
  • We can reduce items to a dust-sized particle
  • Our employees are vetted
  • Our vehicles have GPS tracking and our premises have 24-hour CCTV coverage. Access to them is tested regularly
  • We give you a certificate of destruction so that you can prove your item was destroyed correctly, waste transfer notes and numbers, and an audit trail
  • None of our waste goes to landfill


Do you need help or advice? Call our On Time Shred experts on 0330 333 1234.