By now, most business owners have heard about the looming spectre of GDPR. Depending on what industry you’re in, you may have only heard the term in hushed voices. Or you might have been hearing about it every day for months and be sick of the subject. But either way, you need to be aware because GDPR affects all businesses in the UK.
What Is GDPR?
GDPR stands for ‘General Data Protection Regulation’, and is essentially the EU’s answer to all other data protection laws – including our own Data Protection Act. It came about because the EU noticed that all of its citizens were having their personal data treated differently by different countries because each country had its own rules about how sensitive information should be handled. Some were being protected well, but others were finding their data was being put at risk thanks to lax security laws. So instead, GDPR will apply to all EU countries, standardising and unifying data protection standards. The regulation is mandatory for all EU countries, and also extends to any non-EU business that handles EU citizen data. In short, the EU is dedicated to the protection of its citizens’ personal information. But this does cause some problems for UK businesses.
But How Does GDPR Affect My Paperwork?
GDPR is currently in a transitionary phase that allows businesses to get their affairs in order before the official launch date of the 25th May 2018. All UK businesses have until this date to ensure all of their systems are secure and prepared. This will mostly consist of IT systems upgrades, which are easy to test and change. But the same can’t be said for paperwork. Experts have revealed that businesses face their most significant challenges in applying GDPR to paper records. The regulations set out exactly how data should be acquired, used, stored and destroyed – all of which is much more complex on paper. So to help you get ahead, we have a few tips for you:
Make Sure You Can Find What You Need – GDPR includes a wonderful little rule that enshrines the right of individuals to ‘be forgotten’ by businesses. In other words, people will be able to request that a company delete any and all personal data held on them, and the company has to comply. But while it might be easy to search and delete data from a database, it isn’t the case with paper records, which are often scattered around various storage areas in the business. So in order to be compliant, you may need to re-organise your filing system to make finding all data on a single person possible, without causing headaches.
Remember That Paper Can Lead a Double Life – Clearly defined processes for managing information from creation to secure destruction may not be enough on their own to comply with GDPR. Paper can slip through the cracks of the strictest information security frameworks, simply by being copied or printed or left lying around. This in itself is enough to constitute a breach of GDPR. We recommend you complement your document management strategy with regular employee training and communication, to show staff how to merge information securely and support a business-wide culture of information responsibility.
Build Privacy Into Your Processes – The GDPR is designed to bring privacy to the forefront of the way businesses produce, manage and dispose of information. For physical paperwork, this will be all about data handling processes. Ideally, you should make it difficult (if not impossible) for unauthorised people to access or copy documents. Disposal of documents should be secure and thoroughly documented. So your information storage, retention and destruction processes all need to be reviewed and amended with privacy in mind. This may mean investing in lockable or keypad-protected document storage, and hiring an external shredding company to carry out destruction and document that destruction.
At Hungry Shredder, we know a lot about paperwork. In preparation for GDPR, we are helping customers to evaluate the security of their documents and how they are destroyed. Not only that, but our secure shredding service provides a simple, easy way for businesses to fulfil their GDPR obligations, without having to lift a finger. And because we provide official certification of document destruction, we are the ideal partner for your GDPR paperwork needs. To find out more, just get in touch with one of the team today.