GDPR will impact on paper records held in your office

The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will have enormous implications for businesses of any size. The new legislation is far more comprehensive than the Data Protection Act which is currently in force and will affect every business which maintains records of EU citizens. Data breaches are treated very seriously under GDPR, and this covers breaches of both paper and computerised records. Organisations will need to consider data protection and privacy measures at all times under this new legislation, and procedures for the secure handling and storage of electronic and paper-based media will need to be in force at all times.

Requirements of GDPR

CLC Presentation Systems provide shredding machines throughout the UK from our bases in London and Scotland. We understand that shredding will form an intrinsic element of document management under GDPR, as data protection will need to be an important consideration at all times. Non-compliance with GDPR legislation is likely to result in fines of up to around £17.5mn or 4% of business turnover, whichever is the greater, so it's clear that staying on top of all requirements of GDPR will be critical for companies of any size.

Some of the key requirements of GDPR include:

Transparency

Companies will be required to maintain comprehensive information security policies, detailing the reasons data is processed and maintained, how data is managed and what safeguarding procedures are in place. Organisations with more than 250 employees will be required to appoint a data protection officer, although any business that processes personal data should also appoint someone to this position.

Personal information

GDPR relates to the personal data of all EU citizens. Personal information could be something as simple as an IP address or email address for a supplier or it could relate to customer details held on a database. All companies that maintain employee records and carry out payroll activities will be processing personal data, and even something like a telephone card index of suppliers or potential leads is classed as personal information which is being processed by your company.

The correct methods of disposing of paper records need to be in place to comply with GDPR, so shredding machines should be a vital piece of office equipment for any business, irrespective of company size.

Data breaches

Data breaches involving the loss of personal information will need to be reported to the statutory authorities within 72 hours of discovering the breach. It is also possible that individuals concerned will need to be notified as well.

Privacy impact assessments

Where there are risks that personal details could be breached, privacy impact assessments will need to be conducted and these records need to be maintained on a consistent basis.

Individual rights to be forgotten

Where personal details are held on EU citizens, those individuals have an automatic right to be deleted, or forgotten. Individuals can contact companies and request that their details are deleted, and this will need actioning within a set period of time. It will be very important that where records are deleted, all paper records are also destroyed, and this is one of the reasons CLC shredders UK are a good choice to ensure documents are completely eradicated.

Training

GDPR calls for staff awareness and the training of all employees with regard to personal data processing operations, and a company policy relating to data security should be maintained at all levels of any organisation.

Security and privacy

GDPR specifies that the appropriate organisational and technical measures should be in place to protect data at all times. Maintaining a secure workplace can also safeguard confidential information. Maintaining procedures such as a clean desk policy in the workplace and a policy for shredding all documents could be ways organisations get to grips with the complete ramifications of this new legislation.

CLC Presentation Systems provide shredders in Scotland and the UK and sell HSM and Ideal shredder brands. Both of these shredders are German built and engineered to the highest possible standards. We are confident that our shredders can handle business waste at all levels and help maintain the confidentiality in the workplace that is required under the terms of GDPR. Contact us to find out more about our range of top quality HSM and Ideal shredders.