It’s been nearly 2 years since GDPR came into full force, and we’re now at a stage where most businesses are fully aware of what the legislation means for them, and how to enforce it. However, there are still concerns around how many of those businesses are actually compliant with the regulation, or have put the right policies in place to protect the business and their data to the right level. When GDPR first came into practice, there were a lot of questions around whether companies were really ready for everything it entails, particularly when it came to more ‘back end’ issues around data management, and above all the physical paperwork.
The Big Question
The big thing many businesses miss in this legislation is that it doesn’t just apply to digital data. While that certainly is a focus of GDPR, the rules apply to data in any form, including physical paperwork. Physical paper is just as much of a risk point for many businesses as digital data, if not more. Yet when asked what kind of support they had sought and received for this area of business, 44% of businesses cited issues solely around digital data and encryption, and nothing for physical paperwork.
Just like with digital data, businesses should be making sure they have a set of strict internal procedures in place to deal with the protection of paper records of all kinds. Many of the issues faced by businesses, including inadequate long-term storage solutions for paper documents (like archives with unrestricted access), are key points of vulnerability that are often overlooked. Other areas of risk include documents containing personal information left on printers, out on desks or even in bins during the day and overnight. All of these things mean you could be in breach of GDPR without even realising it.
Creating A Secure Paper Trail
So, how can businesses address this? By creating a secure audit trail for their paperwork, and reassessing how they protect their business from security risks around both physical and digital data. After all, businesses who are investigated by the ICO and found not to be actively protecting their physical paper records are likely to get a much harsher treatment than those who have made their best effort. This means having processes in place, and making sure your workforce are aware of the risks, have received appropriate training and have access to the right tools.
One of the ways you can do this is by providing a set of lockable consoles specifically for paperwork. Using one for documents currently required means you can encourage a ‘clean desk’ at night policy to prevent theft, while using another to store documents that are no longer usable and are simply waiting to be destroyed means you can ensure their security too. By working with a secure shredding partner, you can get access to these consoles, as well as have them regularly emptied and the documents securely destroyed, meeting your obligations under GDPR.
Nearly 2 years on, it’s amazing just how many businesses are still not completely prepared for GDPR, or ready for an inspection, with physical paperwork being one of the biggest holes in their preparations. At Hungry Shredder, we work closely with businesses to help them meet their GDPR obligations by providing a secure and auditable shredding service. Our team can help you put systems in place to protect your data and keep you on the right side of the ICO, with fully traceable and auditable trails and proof of destruction every time. To find out more just get in touch with us today.