The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018 and businesses failing to prepare for GDPR – and consequently failing to comply – may face a large fine (up to 4% of their turnover) imposed by the Information Commissioners Office (ICO).
GDPR applies to all organisations processing the personal data of individuals, in both electronic and physical formats. Failing to ensure proper procedures are in place will pose a high risk to businesses; under GDPR, a business is liable if a data breach leads to an individual’s information being stolen.
Research from the ICO revealed that over 40% of UK data security incidents in 2017 were attributed to paper documents and, under the new legislation, businesses using a standard office shredder may still be at risk since documents may not be shredded to a high enough standard.
B&M Secure Shredding are supporting organisations on how to prepare for GDPR compliance, helping them to reduce potential risks. Paul Curtis, Director of the Carbon Neutral shredding service, advises; “It’s important to try and reduce human error as much as possible, taking responsibility away from your staff. The most secure process is to use a locked console for storing all potentially sensitive paper waste then have it professionally – and, most importantly, securely – shredded.”
B&M’s uniformed operatives, vetted to BS 7858, visit each locked console and remove the full sacks, replacing each with an empty sack. They then offer an on-site or off-site shredding service for confidential material. All organisations – regardless of whether they choose an on- or off-site service – will receive an electronic Certificate of Destruction as proof that can be held for audit purposes.