GDPR Compliance – General Data Protection Regulation

The General Data Protection Regulation directly affects Organisations upon a Global scale. For example, Organisations originating from The United States, having offices both within The European Union and the US, and, export personal data from The EU to the US will need to comply with the GDP Regulations or be subject to the consequences set within the GDPR.

When/if an Organisation experiences a Data Breach, under the GDPR, the following may apply subject to the extent of the breach; The Organisation is required to inform the relevant Data Protection Authority and the owners of the breached data. The Organisation could be fined up to €20 million or 4% of GLOBAL TURNOVER.



Exemptions are provided under the GDPR and they are based on whether appropriate and adequate security controls are in place within the Organisation. An example, a breached Organisation who has rendered the data unintelligible by means of encryption to an unauthorised access person, is not mandated to notify the records owner.

The likelihood of receiving fines will also be reduced if the Organisation can demonstrate a “Secure Breach” occurred.

Data Control

Under the GDPR, Organisations are to remain in control of their data ensuring that the said data is only accessed by authorised persons only when appropriate. Secure destruction of paper files is to be complete in line with European Standards specific shred sizes. The data has to be in an unreadable state.

Encryption is deemed to keep digital in an unreadable state without the appropriate key. Organisations appropriately using encryption in conjunction with access controls can illustrate their data’s security and integrity.

Data Security

  In addition to encryption and appropriate destruction methods, Organisations will be  required to conduct full risk assessments and adopt the measures to mitigate the identified  risks. As all risks cannot be identified relating to      data, Organisation are advised to encrypt  their data to “Secure the Breach”.

 Right to Erasure

 Post data collection, individuals will have a claim and a certain amount of control over the said data. Organisations are required to securely erase data when;

    • A partner Organisation submits a request for data deletion
    • An agreement or service comes to an end.
    • Consent being revoked by a data subject.


Breach Notification

If a breach results in unprotected data being exposed, the Organisation is required to inform the relevant Data Protection Authority within 72 hours, and, communicate the breach directly to the affected data subjects.

Contact Us

Any questions or queries regarding our shredding process, please fill out the form and one of our team will get back to you asap

We will then answer any queries that you may have in relation to this confidential destruction system. If you have any further queries, do not hesitate to contact us at any of the provided contact details or using the enquiry form.