With the introduction of the General Data Protection Regulation this year, it is essential for Organisations to know that they are complying with the legislation. The first step in compliance is awareness, and this article gives a brief overview of some tips to take into account to protect your Organisation. From data consent to third-party data processing such as a confidential paper shredding service, I aim to guide you in the right direction.
Always obtain the data subject's consent prior to holding or using their personal data. All forms, both physical and web-based, that are designed to gather personal information should contain a statement detailing what the information is to be used for.
B. Sensitive data
When dealing with sensitive personal data (race, political opinion, mental health etc.), additional measures should be in place to ensure the security of the data. When this data has reached its end of life, always securely destroy it through a paper shredding service.
C. Individual rights
Be aware of individuals' rights when dealing with information held about them. When preparing reports, always be aware that individuals have the right to see all personal data held about them. This also includes emails and informal notes that have not gone through the document shredding service you have in place.
D. Review files
Data should only be retained when and where absolutely necessary. Securely dispose of the data once it is no longer required through an onsite paper shredding service and/or an offsite shredding service with a data processing firm and under contract. Establish and record regular reviews of the data in your control.
When discarding waste data in paper format, it is imperative to treat it confidentially. Never discard end of life data with conventional recycling streams. Until it is destroyed, waste paper data is not the same as general sorted office waste (SOW), because of the fines and penalties attached to a breach. Always hire a professional paper shredding company to securely shred all documents and receive a certificate of data processing. The same applies to waste electronic data carriers such as hard drives: always securely destroy them through a hard drive shredding service.
For any advice on data protection and making your Organisation compliant, please do not hesitate to contact one of our team through our website www.securityinshredding.com.