Why do I need to Shred Data?
On the 25th May 2018 a new law came into play, The General Data Protection Regulation (GDPR) affecting businesses of all shapes and sizes.
All business, Irish Business or International generate and process data through their operations. This data has to be created, managed and destroyed (i.e. Through a Paper Shredding Service, In-house Shredding and/or Hard-Drive Shredding Service).
The GDPR splits data mainly into two categories;
Personal Data (i.e. information which can directly connect to or identify a living person such as; name, phone number, medical history etc.)
Special Category Personal Data (i.e. personal data in relation to; ethnicity, political/philosophical opinions/beliefs, religion, mental health, criminal records etc.)
Each of the above categories have specific requirements when processing such information. This means it is important to know what category you are processing.
Enforcement Authority
Each EU state has an independent public authority accountable for enforcing the implementation of this regulation. This is the Data Protection Commission in Ireland.
The GDPR harmonized the rules to how data is to be managed in order to protect individuals. The management includes, the gathering/creation of the data through to the final destruction/disposal of the data through a paper shredding service or IT Asset Disposal Service.
There are serious implications that can occur if a business does not follow the GDPR requirements. It may be a warning or a large penalty of at least 4% of your annual global turnover or €20 million – whichever is higher. Compliance is essential.
Shredding Service Industry Associations
There are many associations across the world for Shredding Companies to become a member. This provides peace of mind for individuals as the Association can apply guidelines for their members to be compliant with International Legislation.
Length of Time Storing Data Prior to Secure Shredding / Data Erasure
Information must be kept for as little time as possible. It is important to take into account why your company needs to store this data; is there a legal obligation? A system should be put in place with time limits/reviews and updates to out of date information/data.
To summarise, you need to shred/destroy out of date records/files/documents because it is the law. In order to be fully compliant it is invaluable to use a quality certified destruction service that will not only ensure all data is eradicated but will also provide compliance certification for your records. This will be invaluable when proving that your company/business is fulfilling their obligation to the GDPR.
The law is reason enough to shred on its own but how do businesses know what service best suits them? In our upcoming blog posts I will be discussing different types of shredding, what makes the shredding company you choose legally compliant and if onsite or offsite shredding would work best for you?
For Further info – please contact the team at Security in Shredding info@securityinshredding.com
Specialising in secure confidential document shredding services with a reputation for exceptional security, customer service. Delivering value for money and the utilisation of leading technology compliant to the highest security standards within the industry.