“Cannot be ignored by any business.”
At Security In Shredding, when shredding confidential documents, we must comply with the EU standards. These standards, along with the Data Protection Commissioner, ensure that our work is done to the highest quality. Security is paramount, and failure to comply with these laws can result in a hefty €100,000 fine. These laws also apply to all businesses that handle sensitive data.
The EU Data Protection Rules that are expected to come into force in 2018 will have an effect on all businesses and cannot be ignored, according to legal experts in the field. The final text was agreed upon in December 2015 after years of negotiations and analysis.
The new regulation is aimed at harmonising European Data Protection Legislation, reforming the outdated EU directive on Data Protection, and replacing all inconsistent laws across the European Community.
Even though the digital economy is at the core of this new regulation, it is ESSENTIAL to note that physical data is also covered and carries the same fines and penalties, which are described below.
One of the most eye-opening points of the new regulation is that it not only gives rise to increased compliance requirements, but also backs breaches of compliance with heavy financial penalties, which have turned out to be up to 20 million or 4% of annual turnover, whichever is the greater.
The journey to compliance
From the experts here at Security in Shredding: an Organisation's approach to complying with the GDPR will need to include three key components. These are:
#1) a compliance journey
#2) a transparency framework and
#3) an enforcement, sanctions and remedies framework.
The compliance journey requires Organisations to classify the personal data in their possession; complete risk assessments; build privacy protections into all existing and new business operations; employ and empower dedicated data protection officers; monitor and audit compliance; and document everything they do with data and everything they do to achieve legal compliance. All data stored electronically and physically will have to be managed appropriately. Waste paper will have to be destroyed through certified data processors and not enter general waste streams.
The new transparency framework will mean that Organisations need to redevelop how they engage with external people, including all external vendors that process material for them. Services such as paper shredding, external invoicing, digital data destruction and marketing will all have to review how they process information and give clear and full information on what is happening to personal data.
The new enforcement, sanctions and remedies framework will give appointed data protection officers high authority to make decisions for the protection of personal data and to achieve compliance for their Organisation.