Posted on

The Journey To Zero Waste Starts With Shredding

zero waste nightmare

If you’ve been on the internet, social media or even Netflix over the last few months, you’ve probably heard of the ‘zero waste’ movement. It’s both a philosophy and a strategy for living that aims to reduce the human production of rubbish – particularly plastics, palm oils and other things that are harmful to our environment.  Plastic straws are the current target, with consumers calling for businesses to stop supplying them, and instead switch to paper alternatives. And while you might think that this consumer movement doesn’t impact you as a business, think again. Because as customers become more loyal to businesses who use paper products over plastic, you will need to change, and that will result in more paper waste for your business to deal with. So today, we wanted to look at the impact of the zero waste movement on businesses, how you can commit to it yourself, and how to handle your paper waste.

 

Why Businesses Should Care

 

Business people are real system optimisers. They don’t like “waste” because it is the result of a system inefficiency. Not only “waste” costs businesses money, but it also symbolises bad design as a whole. As circular thinking is getting popular, leaders from around the world are realising the perfect alignment between the zero-waste philosophy and business performance. Even smaller changes in the supply chain can have a ripple effect that’s positive to the bottom line, all of which helps the business become more successful. Plus, the positive press and goodwill that is generated from the zero-waste, environmentally friendly stance has been shown to translate into increased sales and customer loyalty. So overall, going zero-waste makes good business sense. And it’s good for the environment too.

 

Mission Zero Waste

 

Achieving zero waste requires significant management commitment, because it can impact every facet of a business. From product design, choice of manufacturing processes, logistics and supply chain decisions as well as waste management and recycling considerations. The supply chain processes play a pivotal role in realising targets through developing more sustainable product management and recycling practices. So the first step is to analyse every part of your business to determine where the waste is being generated. This may result in you switching manufacturers or suppliers, or even choosing to take some things in-house that you were previously outsourcing. A major change will be to opt for paper or biodegradable materials in your business instead of plastic, which not only reduces the environmental impact your business will have, but also makes it easier for you to dispose of waste ethically.

 

Dealing With The Paper

 

The good thing about zero waste is that it significantly reduces the amount of plastic waste businesses produce. But that plastic has to be replaced with something, and for most businesses, the best alternative is paper. That leaves you with another problem – what do you do with all the paper?! Thankfully, this is an easy one to solve. If you’re in retail and using paper for things like food containers, coffee cups and so on, most suppliers will also offer a collection and recycle scheme as part of the service. So you can fill a box, bag or other container and have it collected to be recycled. You also have kerbside recycling options, if they exist for businesses in your area. But for all of the other paper waste your business is producing, you have shredding companies like us. We take all of your unneeded, waste paper, and feed it through our industrial shredding units. The resulting shreds are secure – so you don’t have to worry about losing data – and formed into huge bales. These are then sent off to recycling plants all over the country to be reused again and again, reducing the amount of new paper needed and cutting down significantly on plastic manufacturing too. And we don’t just take paper – we can also destroy and recycle hard drives, old products, even fabric and clothing!

 

At Hungry Shredder, we work with businesses across the UK who want to reduce the amount of waste they are producing and support the environment. Our secure shredding service is designed to give businesses two main advantages – an environmentally friendly way to dispose of their waste products, with the peace of mind of knowing they have been disposed of securely and safely, in line with government guidelines and GDPR. If you would like to know more about how we can help you dispose of your waste effectively, just get in touch with us today.

Posted on

On-Site vs Warehouse Based Shredding – The Security Difference

When it comes to shredding, there are a lot of different options out there for you. Sometimes that can seem a bit confusing, and it can be difficult to work out what is best for your business. So today we’re here to help. There are essentially 2 different options available to you – on-site shredding, and warehouse or ‘plant’ based shredding, and choosing the right one is important for the security of your confidential data. But what are the differences, and what does your choice mean for your business?

 

What Is On-Site Shredding?

The important thing to remember here is that on-site shredding is not the same as in-house shredding. With in-house shredding, you are handling the job alone, probably with nothing more than a shop bought cross-cut shredder and employees who are not trained in how to handle confidential information properly. By contrast, on-site shredding is provided by an external professional data destruction service, on your premises. So even though the documents don’t leave your business location, it’s not your employees who are handling the process. Rather, the professionals are handling all of the shredding related tasks to ensure that the procedures utilised are proven to be completely secure. All materials designated to be shredded will be destroyed before the shredding company’s lorry leaves your location, providing you with peace of mind and ultimate security.

 

How Does It Work?

Your business prepares for on-site shredding by separating out all of the paperwork you are looking to shred. This is usually done using a secure shredding sack or unit, like this one. From there, there are two types of on-site shredding – one off and an ongoing service. The first is what you would expect – the shredding company comes once and shreds all of your designated material. With ongoing shredding, the company will come to your premises on a regular basis to shred any confidential material you’ve built up during that time. This is particularly popular for solicitors and other businesses that deal in high volumes of confidential paperwork. The load is then fed into the shredding company’s mobile shredding lorry, and you are provided with a certificate of destruction, which you can use to prove that you have met your obligations.

  

Pro’s And Con’s

 

Pros: 

  • Documents don’t leave your premises, ensuring complete security.
  • Significantly reduces employee time spent on shredding.
  • An ongoing service means that confidential data won’t build up
  • It’s a quick process

Cons:  

  • It can be more expensive than warehouse based shredding.

 

What About Warehouse Shredding?

 

Warehouse or ‘off-site’ shredding is another form of outsourced shredding solution, but the shredding is taken to a warehouse, instead of the warehouse coming to the office. Instead, a designated employee will bring the shredding sacks to the shredding company’s warehouse, where they will be processed. Swing-shift employees at the facility typically sort the material to be shredded on conveyor belts and then the material is shredded by a plant-based shredder.  The shred size generated by plant-based shredders is typically similar to what is generated by on-site shredding.

 

How Does It Work?

 

This option is even simpler than on-site shredding in some ways. Your business will store any documents that require secure destruction into a secure unit or sack until it is full. At that point, someone from the business will bring those documents to the shredding centre, or a courier will be arranged to collect them. The documents are then shredded using warehouse based shredding machines, and a certificate of destruction sent back to the business as confirmation that the service has been completed.

 

Pro’s And Con’s

Pros:

  • It doesn’t pull your employees away from their duties for very long.
  • You will not have to find a lot of storage space for obsolete material.
  • It can be less expensive than on-site shredding.

 

Cons: 

  • Your documents travel away from your business location, increasing the risk of loss or theft.
  • Your documents could sit for hours or even days in a warehouse before the job is completed.
  • Documents will pass through several hands before being shredded, increasing risk.

 

At Hungry Shredder, we specialise in making paperwork destruction as painless as possible for your business. Our secure shredding service mean that collecting data (and keeping it safe during the process) has never been simpler and will be easy to adopt throughout the company. We operate on both an on-site and a warehouse model, so you can chose the right shredding solution for your and your business. For more information, just get in touch with us today.

Posted on

Why You Need To Shred Paper To Be GDPR Compliant

With less than a month to go, GDPR is causing a huge wave of activity from business owners across the UK, and probably across the whole of Europe too. But while a lot of businesses are focussing their efforts of digital security, they are missing one very important component of the regulation – their paper-based data. Just because the world is moving into digital processing, doesn’t mean that paper-based risk has gone away completely, and it would be a costly mistake to make.

 

In fact, research from the ICO during 2016 revealed that 40% of UK data security incidents were attributed to paper. These included:

 

  • 19% – data being posted or faxed to the wrong recipient

 

 

  • 14% – paper being lost or stolen

 

 

  • 4% – data left in an insecure location

 

 

  • 3% – insecure disposal of paperwork

 

 

Since that study was done, a 20% increase in loss or theft of paperwork has been observed. So you see, when paperwork presents nearly 50% of the risk, why is it not receiving 50% of the attention? And how do you protect your business?

 

Why Do I Need To Shred? 

 

Simply put, shredding your paperwork is the single most secure way to dispose of it. Not only that, but it helps your business meet its GDPR requirements for data security by providing an effective and secure way of disposing of data, preventing access by third parties. After all, GDPR is concerned with how personal data is handled by businesses in both electronic and paper format. If you don’t have processes in place to protect the data you hold in hard copy, you are leaving yourself open to serious security risk, and potential fines from the EU regulator. This is because, under GDPR, you are liable if a data breach leads to an individual’s personal information being stolen.

 

One of the key components of data security is proper disposal of data – in any format. Unshredded documents can be read by anyone, so simply putting them in a bin or recycling bin isn’t going to cut it (see what we did there?). By shredding your documents once they have fulfilled their purpose, you are effectively destroying the information and preventing it from being read by third parties – fulfilling your obligations in one, simple action.

 

What If I’m Already Shredding?

 

If you’re thinking ‘well, I feed all my documents to the office shredder, so I’m, fine’ – you might want to check yourself first. You might still be at risk if your shredding practices aren’t at a high enough level to secure data completely. This is mainly because most office shredders are ‘strip cut’, which still poses a risk of breach through reconstruction (see our blog here for more info on that). Luckily, there are 3 main options business owners can use to ensure they are 100% compliant:

 

  • Cross-Cut Shredders – cross cut shredders significantly increase the security of your destruction simply by adding in another blade. This leaves documents in tiny shreds that are almost impossible to reconstruct – which is what you need for GDPR level security. Find out more about cross cut shredders in our article here.

 

 

 

  • Auto-feed Shredders – Because shredding is a time consuming and frankly, dull, task, one of the other big non-compliance issues is it simply not getting done. Auto-feed shredders remove the time-consuming element from the equation, since you just have to plonk a stack of documents on it and the machine will pull them through to shred. However, these machines are incredibly expensive and large, making them, a less than ideal solution.

 

 

 

  • Secure Paper Destruction Services – And then there’s secret option number 3 – get someone else to do it for you. If you’re struggling to find the time to get your shredding done, or you need large volumes dealt with regularly, then outsourced shredding is the solution for you. Simply have a secure console (like a tall, enclosed bin) installed in your office and drop papers in as you’re done with them – your shredding partner takes care of the rest.

 

 

 

At Hungry Shredder, we specialise in making paperwork destruction as painless as possible for your business. Our secure shredding service mean that collecting data (and keeping it safe during the process) has never been simpler and will be easy to adopt throughout the company. When your paperwork is collected, it’s shredded in one of our mobile shredding units, and you are provided with a data destruction certificate then and there – as proof that you’ve met your obligations under GDPR. For more information, just get in touch with us today.

Posted on

GDPR Myths (And What You Really Need To Focus On)

It’s close to crunch time, which means that GDPR has got everyone a bit hot under the collar. Even more so now that we’re down to a double digit countdown to implementation day. But there are so many articles and papers flying around that there has started to be some conflicting information out there, to the point that we now have ‘GDPR myths’, despite the regulation not even being in force yet. So today, we wanted to clear a few things up – looking at 4 GDPR myths and the truths behind them.

 

Breach Reporting

Under the Data Protection Regulation, businesses are required to disclose data breaches to anyone who’s data may have been compromised, In that sense, not a lot will change with GDPR. The new regulation still makes it mandatory to report a personal data breach if it’s likely to risk people’s rights and freedoms. To clear that up, the Information Commissioner’s Office (ICO) provided a paper that identified high risk ramifications to data breach, including discrimination, damage to reputation, financial loss and other significant economic issues. Mandatory reporting helps catch these things early, and put measures in place to prevent the damage.

 

Reporting Deadlines

Following on from mandatory reporting of data breaches., GDPR also sets out a timeline for when that reporting needs to happen. In order to be compliant, businesses need to notify the ICO that a personal data breach has taken place within 72 hours of discovering it. This does not mean within 72 hours of the data breach happening – but rather 72 hours from the moment of discovery. So if a day breach happened 3 months ago, but you only just discovered it at this moment, you would have 72 hours from now to report it. The ICO doesn’t expect all of the exact details right away either – they understand that you might not have all of the information in place, but they want to know the scope of the breach, the cause, and your mitigation plan.

 

Fines

GDPR also instigates a new type of fine for breach of its regulation – and its pretty heavy. Under GDPR, the ICO will have the power to issue fines for breaches, including failing to notify, and failing to notify on time. These fines can vary in scale, but climb as high as 4% of the company’s global annual revenue, or 20 million Euros – whichever is higher. But the regulation isn’t just about issuing huge fines. In fact, fines can be avoided if businesses take a transparent approach and comply with regulations.

 

Information Destruction

One of the bigger elements to GDPR is the ‘right to be forgotten’. With this in mind, businesses should no longer be keeping personal information any longer than necessary – and must delete or remove the data at the owners request. This means that businesses need to have an information destruction process in place and know how to follow it. The best procedures are ones that are simple to follow – which means you need an easy way to dispose of both digital and physical data. If you’re not sure how to do that – just ask your local shredding consultant.

 

There’s no doubt about it – even if you’ve never thought about it before, now is the time to take action. Every business handling EU data needs to be looking at its own processes, and taking steps to protect their business from the inside out. To learn more about how Hungry Shredder can protect your documents and hard drives, even under the watchful eye of GDPR, just get in touch with us today for your free consultation and quote.

Posted on

The GDPR Countdown

Last year, the UK government stirred business owners into a frenzy by announcing that the Data Protection Act 1998 will in May be replaced by the General Data Protection Regulation, in accordance with EU policy. The new regulation will be an update on the Data Protection Act, and it’s been a long time coming. The UK Data Protection Act was written before the internet and cloud computing transformed the way we generate, use and store data – both as users and as business. GDPR attempts to address these issues and put measures in place to protect data within new technologies. But now with just 4 months to go, it’s time to ask yourself if your business is GDR ready. Because if it’s not, you risk a fine of up to  €20 million. To make sure you don’t fall foul of this, we have a few tips to help you become GDPR compliant before the deadline.

 

Appoint A Data Protection Lead

GDPR isn’t just a few new rules – it’s an all encompassing regulatory change, which means it impact every aspect of your business as you know it. But rather than rolling out a whole bunch of changes and expecting your staff to understand, it’s important for you to assign a data protection lead within your business to deal with questions and issues. It will be their job to create a clear strategy that fosters change in your business, be fully trained in GDPR compliance and have the authority to make changes across the board.

 

Train Your Staff

The next logical step for you is to train your staff. While your data protection lead will be at the forefront of ensuring compliance, everyone within the business needs to understand their obligations under the new regulation, and how they need to modify their own work practices to meet them. It’s vital that every employee is confident in their role, and understand what the regulations mean for their daily processes and interactions with customers. Training should also include discussions of exactly what should happen if a data breach does occur, and the importance of notifying the relevant parties within 72 hours.

 

Audit Your Processes

At the moment, your business will have dozens of process in place for how it handles data, and they will all be compliant with the current regulation. But with the changes, you will need to go back and assess every single aspect of data gathering, storage, use and destruction of confidential, personally identifiable data, and work out if anything needs to change. This full process audit will take time, and undoubtedly need multiple changes for your business. So it’s better done sooner rather than later.

 

Get Your Partners In Place

If you’re a small business, you might not be able to handle it all on your own. There are many businesses out there that offer services to aid you in becoming compliant. From cyber security experts who can help you manage data, to secure destruction experts like us.

 

At Hungry Shredder, we help businesses dispose of their confidential data in a simple, secure and GDPR compliant way. Our shredding sacks allow you to collect paperwork, hard drives and other data storage facilities, and have them collected and disposed of securely, with a certificate of destruction provided at the end. In the run up to GDPR, we are helping business owners across the country put policies in place to tackle the final element of GDPR data handling – the destruction. To find out more, just get in touch with our team today.

Posted on

Data Breach? What Do You Do Next?

Did you know that over 2017, 46% of small businesses across the UK reported significant data breaches? For medium sized businesses this rose to 66%, and a staggering 68% of large firms reported similar breaches. This increase in cyber breaches only brings the total value of us to £2.48 million per year. So this raises the question – what is a business supposed to do when they experience a data breach? And with GDPR only implementing more rules around how to handle data breaches, it’s essential that everyone in your business understands what to do in the event of a data breach. To help you out, here are 6 things you need to do.

 

Put A Response Team In Place

As soon as you become aware that there’s been a breach, you need to alert and assemble a response team. If you don’t have one in place, you need to create one. Your response team is essentially a group of people, either internal or external, who have the skills to deal with a breach, fix it and deal with the fallout. This team should have decision making authority, and report to the board on progress regularly. Having an incident response team in place has been proven to be a cost-reducing factor in a huge number of data breaches, large and small, saving on average £12.37 per data record affected.

 

Contain The Problem

When you become aware of it, your second priority should be a containing the problem. Identify the source of the breach as quickly as possible – was it a faulty firewall? Malware? A phishing scam? Or maybe an insider information leak. Once you have identified it, take steps to contain the issue. This could mean isolating a particular area of your network, locating a lost piece of equipment or even just changing the access codes of the front door.

 

Assess The Risks

Now it’s important to determine how sensitive the breached data is, and what the real-time risks are. If it’s a ransomware attack, perhaps the ransomed data is just needed by employees to do their jobs, and there are backup files that can be accessed. Theft of customer data, on the other hand, could lead to identity theft, so you should inform the police if appropriate.

 

Solve The Problem

And obviously, you should ensure you take steps to solve the problem once it’s contained. Again, this depends on what the issue was to begin with, so it will be handled differently every time. Once the breach source has been dealt with, you can take steps to protect your systems from attack in the future.

 

Send Out Notifications

This is the part most businesses don’t want to do, because they are worried it will risk their reputations in the marketplace. But it is a legal requirement for you to notify individuals whose data was, or could have been accessed and affected by the breach, so you’ll have to swallow your pride on this one. Sending out notifications early means your customers have the best chance of protecting their data, so it’s important for them and you to do this swiftly.

 

At Hungry Shredder, we believe that every business should put protecting their customer data at the forefront of their operations. That’s why we provide secure and confidential shredding services to business owners around the country. To learn more about how Hungry Shredder can protect your documents and hard drives, just get in touch with our team today.

Posted on

Get Ready For Christmas – Know How To Recycle Your Devices

It’s November, which means the countdown to Christmas has officially begun in the UK. For the more organised people, it means sorting out Christmas presents before the December rush. Maybe even in the Black Friday sales. And one of the most popular gifts this year is new technology. But there is one thing that all of these shiny new devices, and that’s what you do with the old ones? This year, make sure you know how to recycle your old devices, without putting your data at risk.

 

Use The Retailer

 

This is perhaps one of the simplest methods to use. Due to increasing pressure for corporate responsibility, many technology retailers will offer recycling programmes in house. One of the biggest retailers to have this in place is Apple. Since 2014, they have been running a scheme called Renew and Recycle, where you can bring in (or send in) any old Apple products you have (no matter how old they are), and Apple will either recycle them or refurbish and resell them. If they fall into that last category, you will be given an Apple gift card in return for your items. Many of the bigger tech retailers will offer similar schemes, so all you need to do is ask, and it’s as simple as 1 2 3.

  

Wipe It And Sell It

 

One of the most popular options (maybe because the first one isn’t that well known), particularly for phones and tablets, is to sell them on. This can either be privately, online using platforms like eBay or even to re-sellers like Mazuma Mobile. The thing you need to remember in this one is to wipe all of the data from your devices before you sell them on. For mobiles and tablets, this is as simple as just going into the settings and hitting ‘factory reset’. For things like laptops and computers, this will not only mean formatting the hard drives, but removing and shredding them as well.

 

 

WEEE Schemes

 

Your third option is probably best for your older or broken equipment. You know, the kinds that’s been sat in the back of the cupboard for quite a while, just taking up space. The old, chunky TV’s, the broken desktop computer and the ancient tablet. For these, there is the WEEE scheme. WEEE stands for the Waste Electrical and Electronic Equipment directive. This is the EU directive that instructs people and business owners to recycle and reuse their old, waste IT through dedicated centres. Every local authority will have a WEEE centre or scheme in place, so it’s simply a case of finding your local centre and taking your equipment to them. There are also businesses like Veolia, who handle the process for you. You will want to ensure that you have wiped any data from your devices or remove your hard drives before you do. There is no reward for you in taking this route, but it is a way of removing that equipment form your home or business without risking your data.

 

At Hungry Shredder, we help businesses and individuals dispose of their old, unused hard drives in the most secure way possible. So instead of ending up with a drawer full of old hard drives, you can ensure your data is safe and your drawers are free. By shredding your hard drives, you are ensuring that any residual data on them (because there is always residual data) is well and truly destroyed. For more information about our hard drive shredding services, just get in touch with our experts today.

Posted on

1 Out Of 3 Business Owners Still In The Dark Over GDPR

With only 5 months to go until the implementation of GDPR, new research from the Institute of Directors has revealed that 1 in 3 directors are still in the dark about what the regulation means for them, and what they need to do. In fact, several of them didn’t even know what GDPR was. But GDPR will affect every single element of every single business in the UK – so every business owner needs to understand their obligations. Particularly when it comes to confidential data stored in paper form.

 

Preparation Is Key

 

The key to ensuring you don’t end up on the wrong side of GDPR is preparing your business well in advance. This will mean reviewing your data practices at every level – from the highest level of cyber secured data to the smallest shred of paper with a credit card number scribbled on it while taking payments over the phone. But too many businesses are focussing on the digital side of things, while neglecting other elements of their business that need attention. GDPR will impact not only your IT, but your HR department, legal, marketing, sales, and yes, your paperwork.

 

That’s why Jamie Kerr, Head of External Affairs at the Institute of Directors, said:

 

“It was clear from the outset that this would be a mammoth task for small and large businesses alike, but the scale of the challenge has not necessarily translated into preparedness for the new regulation, despite the huge costs of non-compliance. The Government and the regulator must pull their weight on this issue, as it is set to have a significant impact on businesses across sectors and regions in the UK.

 

“It is crucial everyone understands just how big this regulatory change will be for business leaders over the next few months. GDPR also comes hot on the heels of a number of big regulatory shifts for business over the past few years. We should also not forget the potential of extensive preparations that will be needed as we depart from the EU. Taken altogether, it’s not the easiest time to do business in the UK.”

 

So really, it’s all about understanding how GDPR will impact your business, and actively preparing for it.

 

What’s That Got To Do With Paperwork?

As we mentioned in one of our previous blog, paperwork is one of the main things bosses are forgetting in the run up to GDPR, and yet it’s one of the central principles. Because over 95% of businesses still keep confidential data in paper format. That can be anything from customer credit card numbers to employee national insurance numbers. And with GDPR bringing in stricter rules on what is classified as personal information, and what can be done with it, it’s now more important than ever that business owners get their paperwork in order.

 

While we can’t help you with the in house compliance bit, we can help you handle what happens to your paperwork once it isn’t needed anymore. Rather than risk throwing it in the recycling bin (which would be classified as a breach, as it’s all too easy to steal from) or spend hours hunched over your shredder every few weeks, you can outsource your data destruction instead. Our shredding services simply require you to fill a bag with paper to be destroyed, and then give us a call when it’s full. Our experts will collect it from your offices, securely destroy it for you and even provide a proof of destruction certificate, so you can prove you have met your obligations at every stage. For more information, get in touch with our team today.

 

Posted on

Understanding Your Paperwork Obligations

When it comes to running a business, nothing is ever simple. This goes double for your paperwork. Even though more businesses than ever are aiming for the ‘paperless’ goal, paperwork is still a huge pain point. There are a huge number of processes that need to be followed with paper, and many more industry specific rules. But there are some key regulations that govern how businesses manage paper, and you need to know what they are, and how you can stay compliant.

 

Companies House Filings

 

Of course, as a UK business, you have some basic obligations for paperwork with Companies House. These obligations are mainly around what you need to keep, and for how long. Every UK business is required to keep the following documents for 6 years:

 

  • Accounting records
  • Stock records
  • Details of goods bought and sold, including parties involved (unless you are running a retail business)
  • Financial records (such as receipts, petty cash books, delivery notes, copies of invoices, contracts, sales books)
  • Balance sheets
  • Profit & loss statements
  • Financial forecasts

 

Because these records are highly sensitive, businesses also need to stay on top of destroying these once that 6 year timer runs out. Otherwise, you are leaving your business open to identity theft and fines from Companies House. That’s where your shredding partner comes in – we help you destroy these documents securely and on time.

 

On top of that, you will need to keep a few bits of paperwork indefinitely, like:

 

  • Detailed record of the company
  • Results of any shareholder votes
  • Specifics of any company loans
  • Record of share purchases and sales

 

Data Protection

The Data Protection Act is the final authority in how your business should be handling data. You might think you don’t really handle data in paper form, but we can guarantee that you do. The Data Protection Act defines 2 types of data businesses can hold on people (customers, suppliers, employees and more).

 

  1. Personal Data –

    Data which relates to a living individual who can be identified from the data, or from the data and other information which is in possession of, or likely to come into the possession of the data controller; and it includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

     

 

  1. Sensitive Personal Data –

    Sensitive personal data is defined as personal data consisting of information relating to the data subject with regard to racial or ethnic origin; political opinions; religious beliefs or other beliefs or a similar nature; trade union membership; physical or mental health or condition; sexual life; the commission or alleged commission by the data subject of any offence; or any proceedings for any offence committed or alleged to have been committed by the data subject, the disposal or such proceedings or the sentence of any court in such proceedings.

     

 

That might all seem like a mouthful, but it basically means any data on an individual is covered by the Data Protection Act. So you are under obligation to keep this information secure, accurate and up to date. You must also ensure this data is not kept any longer than it is needed, and destroyed securely (with evidence) when it is no longer needed.

 

GDPR 

Of course, The UK Data Protection Act is living on borrowed time now. In May 2018, this act will be will be replaced by the EU regulation GDPR (which we have talked about before). Luckily, if you are compliant with the Data Protection Act you shouldn’t have too much of a problem getting your paperwork ready for GDPR. The main changes will be the ‘right to be forgotten’ and an intensified focus on privacy. This means you will need to ensure that you can easily find all paper records for individuals in order to destroy them, if requested. This on its own has lots of businesses scrambling to either redefine their filing systems ‘by person’, or to make the switch to paperless working. Either way, you need to be confident you can find everything you need if one of these right to be forgotten requests comes in. The second thing GDPR will affect in your paperwork obligations is privacy. You will need to analyse your processes and ensure that all data is kept secure and private. No one should be able to access documents if they aren’t authorised, and paperwork should all be destroyed properly and securely every time.

 

At Hungry Shredder, we help businesses get (and stay) compliant with their paperwork obligations by providing a secure method for document destruction. Our secure paper and hard drive shredding services ensure that your documentation is destroyed properly, and a full record is given of that destruction. That means you are not only meeting your privacy and destruction obligations, but you can prove it too. To find out more about what we do, get in touch with our team today.

Posted on

Why Your Paperwork Needs To Be GDPR Ready

By now, most business owners have heard about the looming spectre of GDPR. Depending on what industry you’re in, you may have only head the term in hushed voices. Or you might have been hearing about it every day for months and be sick of the subject. But either way, you need to be aware because GDPR affects all businesses in the UK.

 

What Is GDPR?

GDPR stands for ‘General Data Protection Regulation’, and is essentially the EU’s answer to all other data protection laws – including our own Data Protection Act. It came about because the EU noticed that all of its citizens were having their personal data treated differently by different countries because each country had its own rules about how sensitive information should be handled. Some were being protected well, but others were finding their data was being put at risk thanks to lax security laws. So instead, GDPR will apply to all EU countries, standardising and unifying data protection standards. The regulation is mandatory for all EU countries, and also extends to any non-EU business that handles EU citizen data. In short, the EU is dedicated to the protection of their citizen’s personal information. But this does cause some problems for UK businesses.

 

But How Does GDPR Affect My Paperwork?

GDPR is currently in a transitionary phase that allows businesses to get their affairs in order before the official launch date of the 25th May 2018. All UK businesses have until this date to ensure all of their systems are secure and prepared. This will mostly consist of IT systems upgrades, which are easy to test and change. But the same can’t be said for paperwork. Experts have revealed that businesses face their most significant challenges in applying GDPR to paper records. The regulations set out exactly how data should be acquired, used, stored and destroyed – all of which is much more complex in paper. So to help you get ahead, we have a few tips for you:

 

Make Sure You Can Find What you Need –  GDPR includes a wonderful little rule that enshrines the right of individuals to ‘be forgotten’ by businesses. In other words, people will be able to request that a company delete any and all personal data held on them, and the company has to comply. But while it might be easy to search and delete data form a database, it isn’t the case with paper records, which are often scattered around various storage areas in the business. So in order to be compliant, you may need to re-organise your filing system to make finding all data on a single person possible, without causing headaches.

 

Remember That Paper Can lead A Double Life –  Clearly defined processes for managing information from creation to secure destruction may not be enough on their own to comply with GDPR. Paper can slip through the cracks of the strictest information security frameworks, simply by being copied of printed or left lying around. This in itself is enough to constitute a breach of GDPR. We recommend you compliment your document management strategy with regular employee training and communication, to show staff how to merge information securely and support a business wide culture of information responsibility.

 

Build Privacy Into Your Processes – The GDPR is designed to bring privacy to the forefront of the way businesses produce, manage and dispose of information. For physical paperwork, this will be all about data handling processes. Ideally, you should make it difficult (if not impossible) for unauthorised people to access or copy documents. Disposal of documents should be secure and thoroughly documented. So your information storage, retention and destruction processes all need to be reviewed and amended with privacy in mind. This may mean investing in lockable or keypad protected document storage, and hiring an external shredding company to carry out destruction and document that destruction.

 

At Hungry Shredder, we know a lot about paperwork. In preparation for GDPR, we are helping customers to evaluate the security of their documents and how they are destroyed. Not only that, but our secure shredding service provides a simple, easy way for businesses to fulfil their GDPR obligations, without having to lift a finger. And because we provide official certification of document destruction, we are the ideal partner for your GDPR paperwork needs. To find out more, just get in touch with one of the team today.