With less than a month to go, GDPR is causing a huge wave of activity from business owners across the UK, and probably across the whole of Europe too. But while a lot of businesses are focussing their efforts of digital security, they are missing one very important component of the regulation – their paper-based data. Just because the world is moving into digital processing, doesn’t mean that paper-based risk has gone away completely, and it would be a costly mistake to make.
In fact, research from the ICO during 2016 revealed that 40% of UK data security incidents were attributed to paper. These included:
- 19% – data being posted or faxed to the wrong recipient
- 14% – paper being lost or stolen
- 4% – data left in an insecure location
- 3% – insecure disposal of paperwork
Since that study was done, a 20% increase in loss or theft of paperwork has been observed. So you see, when paperwork presents nearly 50% of the risk, why is it not receiving 50% of the attention? And how do you protect your business?
Why Do I Need To Shred?
Simply put, shredding your paperwork is the single most secure way to dispose of it. Not only that, but it helps your business meet its GDPR requirements for data security by providing an effective and secure way of disposing of data, preventing access by third parties. After all, GDPR is concerned with how personal data is handled by businesses in both electronic and paper format. If you don’t have processes in place to protect the data you hold in hard copy, you are leaving yourself open to serious security risk, and potential fines from the EU regulator. This is because, under GDPR, you are liable if a data breach leads to an individual’s personal information being stolen.
One of the key components of data security is proper disposal of data – in any format. Unshredded documents can be read by anyone, so simply putting them in a bin or recycling bin isn’t going to cut it (see what we did there?). By shredding your documents once they have fulfilled their purpose, you are effectively destroying the information and preventing it from being read by third parties – fulfilling your obligations in one, simple action.
What If I’m Already Shredding?
If you’re thinking ‘well, I feed all my documents to the office shredder, so I’m, fine’ – you might want to check yourself first. You might still be at risk if your shredding practices aren’t at a high enough level to secure data completely. This is mainly because most office shredders are ‘strip cut’, which still poses a risk of breach through reconstruction (see our blog here for more info on that). Luckily, there are 3 main options business owners can use to ensure they are 100% compliant:
- Cross-Cut Shredders – cross cut shredders significantly increase the security of your destruction simply by adding in another blade. This leaves documents in tiny shreds that are almost impossible to reconstruct – which is what you need for GDPR level security. Find out more about cross cut shredders in our article here.
- Auto-feed Shredders – Because shredding is a time consuming and frankly, dull, task, one of the other big non-compliance issues is it simply not getting done. Auto-feed shredders remove the time-consuming element from the equation, since you just have to plonk a stack of documents on it and the machine will pull them through to shred. However, these machines are incredibly expensive and large, making them, a less than ideal solution.
- Secure Paper Destruction Services – And then there’s secret option number 3 – get someone else to do it for you. If you’re struggling to find the time to get your shredding done, or you need large volumes dealt with regularly, then outsourced shredding is the solution for you. Simply have a secure console (like a tall, enclosed bin) installed in your office and drop papers in as you’re done with them – your shredding partner takes care of the rest.
At Hungry Shredder, we specialise in making paperwork destruction as painless as possible for your business. Our secure shredding service mean that collecting data (and keeping it safe during the process) has never been simpler and will be easy to adopt throughout the company. When your paperwork is collected, it’s shredded in one of our mobile shredding units, and you are provided with a data destruction certificate then and there – as proof that you’ve met your obligations under GDPR. For more information, just get in touch with us today.