GDPR will come into force next May and is set to tighten restrictions on data protection. From government to commercial, a data breach could lead to business-ending fines under the new regulations. Mark Harper, Head of Sales HSM Office Technology, explains why shredding is a great form of defence
The impending General Data Protection Regulation (GDPR) update is just around the corner. Yet, there remains a substantial amount of business managers across the country that aren’t even aware of the changes, let alone be ready for them.
Research has highlighted that in the UK 84% of small business owners and 43% of senior executives of larger companies are unaware of the forthcoming GDPR. These numbers are worrying, as businesses up and down the country are facing hefty penalties once GDPR is enforced.
The revised regulations will apply to both controllers and processors of data. Both parties can be held accountable in data breach scenarios, with the main issue being the unauthorised disclosure of personal data. To combat this, businesses must demonstrate procedures that comply with the key principles, such as planned shredding processes.
In terms of financial fines, as of 25 May 2018, breached organisations could find themselves facing penalties with an upper limit of €20m, or 4% of annual global turnover, whichever is higher of the two figures. For many businesses, being hit with such fines will inevitably put them in jeopardy of closing down, and will cause a knock-on effect for the wider economy too.
Clearly then, the financial ramifications could be hugely detrimental, but they’re not the only danger. A data breach can damage your organisation in other ways, such as denting brand reputation, customer confidence or allowing competitors to take advantage.
The best form of defence?
Don’t leave yourself unprotected. There are various processes businesses can use to ensure data, whether digital or manually collected and stored, is secure.
In the first instance, having a clear data protection and shredding policy is one of the best ways to help compliance with GDPR. Many shredders now allow users to shred paper and CDs. Additionally, hard drive shredders possess the capability to shred digital data carriers, further decreasing the chances an office will suffer a personal data breach.
In many cases, data will often be left lying around the office, which is a threat. Old data that’s no longer required, whether in the form of a hard drive or paper, is particularly dangerous. Ensuring each and every office has procedures for shredding old data as soon as it has been used for its purpose is essential, or they could find themselves in hot water.
Royal & Sun Alliance Insurance was stung when a hard drive was stolen from company premises either by a member of staff or a contractor. The personal information of nearly 60,000 customers was held on the device and was never recovered. Ultimately liability was traced back and the company was fined a sum of £150,000. Don’t leave old data lying around.
Reducing sensitive paper documents into non-legible particles is a clear-cut way to lessen the risk of personal data finding itself in the wrong hands. Paper shredding levels range from P-1 with paper being cut into strips not exceeding 12mm in width to the most secure P-7 where particles must not exceed 5mm² in size. The P-6 and P-7 levels tend to be used by government and defence for the most secret documents, however, commercial organisations are increasingly using P-5 level shredders to bolster security for sensitive, personal or commercial information. At this level, confidential documents at A4 size are cut into over 2,000 pieces which are nigh on impossible to reassemble.
Finally, it’s important to consider that in-house office shredders offer a much safer option than outsourcing to a third-party shredding service provider, as you are in full control and remove all possible liability that comes with subcontracting your shredding. Additionally, an in-house solution can be up to 80% cheaper to operate over five years compared to a third party shredding service.
The need to prepare for GDPR is vital. The main thrust of the new regulations is to make all organisations take better care to secure personal data, however daunting fines of €20m should provide an additional reason to ensure you’re taking the necessary steps to being compliant. The dangers of data misuse will soon be too great to ignore.
By shredding documents, organisations reduce the risks of non-compliance and all the implications thereafter. The simplest way to think about protection is to ask if you are holding onto customer information. Be it paper records, hard drives or data media such as CD-ROMs, these are all potential areas where confidential information could be compromised. and it’s also a great opportunity for dealers to sell more shredders.