Personal and confidential data has become one of the hottest topics of the last few years, with people becoming increasingly concerned about how their data is stored and disseminated by business. And rightly so. In 2015, Government statistics showed that 90% of large and 75% of small UK businesses experienced a data breach. While much of the discussion has been around keeping our digital systems secure, the UK’s data protection regulator, the Information Commissioner’s Office (ICO) found that 40% of the 598 data security incidents recorded between July and September 2016 were attributable to the misuse of printed materials.
Paper security has long been an Achilles heel for many companies. Disposal of sensitive data takes time and can be low on the list of priorities; a job for the most junior member of the clerical staff tasked with feeding sheet after sheet of A4 paper into a high street shredder.
Doing the bare minimum is no longer an option
In May 2018 the EU’s General Data Protection Regulation (GDPR) came into effect. It requires organisations to affect rigorous security practices with both electronic and paper-based personal data. That means putting in place a system for the storage, disposal and collection of a wide range of printed material. Failure to do this could result in fines of up to 20 million Euro or 4% of the company’s global turnover.
If your business doesn’t already have an appropriate confidential waste policy in place, what should you do about it?
Every business needs to begin by creating a robust confidential waste policy that covers every area of their working environment. A watertight document, like the policy CSRB can produce for you, is as important as the locks on your doors.
What does it cover?
The purpose of the policy is to detail procedures for the retention and disposal of confidential information and personal information, ensuring that it is carried out consistently and that any actions taken are fully documented.
What is confidential waste?
Anything that contains information that identifies an individual or any waste that is business sensitive. This includes obvious items like customer records, bank account details, contracts, payroll and pension data but the new rules mean you also need to think about travel information, notices of day to day meetings and even trade magazines and catalogues. We can help you identify all of the areas that affect your business.
How do you deal with it?
A good policy will describe the best practice for handling this waste. Don’t think of it simply as ‘disposal’ or ‘recycling’, we’ll talk you through the options for storage of sensitive documents that you don’t want to dispose of immediately.
Think more holistically about your working environment and the role confidential data plays in it. Most spaces are now served by a variety of internal recycling bins, but do you really know that the right material is going in them? Dedicated confidential waste bins are an essential part of any data management system.
Every member of staff needs to be engaged in this process for it to be fully effective. They’ll need to be able to identify sensitive documents and ensure their work is locked away at the end of the day. That means providing enough secure storage including cabinets and lockable desks.
A high street shredder simply isn’t going to cut it
GDPR asserts that sensitive and confidential documents should be disposed of using a cross cut shredder to 2mm x 15mm, or by an approved disposal firm. The most sensitive data will also require a certificate of destruction.
Whether you choose to do it yourself or hire a company like CSRB, there is a financial cost for your business. In manpower terms, using a professional shredding service means you’ll be freeing up staff to do the job they are employed to do. For your peace of mind, outsourcing your waste management protects your business from significant losses through corporate fraud, GDPR fines or loss of business.
If you’d like us to create a tailor-made confidential waste policy for you – at £165 + VAT, get in touch with CSRB Ltd.