Shredders play a key role in secure document disposal which, with GDPR now in force, is more important than ever. Dealer Support investigates why shredding is vital and how GDPR is impacting sales
In May the General Data Protection Regulation (GDPR) finally came into effect. The proper archiving and disposal of personal information has never been more important; documentation has an expiry date which categorises data as active, semi-active, archival or disposal and developing a plan on how to tackle each of these in a way that complies with the new rules is non-negotiable.
“It is definitely coming and, even though it is a European regulation, come Brexit it will be adopted as the UK Data Protection law,” says Sammy Bartley, director of Bartley Business Associates. “You need to implement technical and organisational measures now. The first stage is to understand what personal data you hold – why have you got it? Where has it come from and where is it stored? Who has access to it? It is shared with any other parties? Until these questions are answered, you won’t know what processes you need to put in place.”
Businesses are now clamouring to increase their security and technology in order to keep their archived information as safe as possible, but a question mark still hangs over the proper disposal of physical data. In reality, and while this may seem like too simplistic a solution, shredding is the best way to dispose of data to a legal standard. Shredding should be an integral part of a company’s document management processes already as it is the simplest and least environmentally damaging way to ensure data are rendered unreadable; other private information – such as tax files – needs to be destroyed after four years of being archived. As such, any business should already be aware that shredding is the necessary route for proper document disposal and it’s not at all surprising to find that many businesses are still panic-buying shredding technology just weeks before GDPR becomes reality.
There are various reasons for this, including the fact that many offices outsource their shredding. According to HSM’s essay Is the UK choosing the right GDPR solution? shredding is – or should be – a vital element of any business’s plan for remaining GDPR compliant. ‘However,’ the report says, ‘many organisations are still under the impression that external shredding services may be their best option, which isn’t the case. Subcontracting is seemingly the easy option for some, with shredding being taken off-site for someone else to deal with. Yet what is commonly forgotten are the question marks above off-site cost-effectiveness and security levels.’
Since security is the main factor in relation to GDPR, taking risks by sending potentially sensitive data off the premises is less than ideal. An in-house shredder eliminates any guesswork as to whether data disposal complies with the new rules and can save thousands of pounds long-term. HSM’s report continues, ‘Your confidential information is destroyed immediately rather than sitting around, complete, in sacks of consoles that can be easily accessed for days – or even weeks.’
Businesses leaving it until now to buy their shredders will be looking for advice on exactly what they should be looking for to suit their needs and this is where dealers can step in and educate. The different kinds of cut offered by shredders are defined by what are called ‘DIN levels’, which range from P-1 to P-7; P-1 is recommended for destroying low-level documents whereas P-7 provides military-grade protection from data breaches. A minimum of P-4 is recommended for offices although, as GDPR approaches, HSM’s research has shown that some are beginning to choose an even higher security level.
Mark Harper, HSM’s head of sales UK and Ireland – office technology, has seen a serious upsurge in people shifting their shredding operations from outsourced to in-house as they strive to make their businesses more secure – as well as thinking carefully about the DIN levels they are choosing. He is passionate about the fact that people shouldn’t settle for low-level shredders, the pieces of paper within which could, conceivably, be put back together like a jigsaw puzzle and be legible enough to read; he is personally thrilled that the new rules have spurred people into action. “You can definitely attribute some of this to GDPR and certain things we’re being asked for are GDPR-specific,” he says. “We’ve been selling more to dealers because of this but also, interestingly, to two car dealerships which require a lot of personal data from their customers that’s no longer needed once the finance is set up. They bought shredders from us specifically to comply with GDPR.”
The new regulations have brought into focus just what the risks of non-compliance are, not only with regard to security levels within the shredders themselves but across every part of the business. HSM recently completed a case study on a company which has used its shredder solutions for 12 years and, on moving to a new building, placed the shredder in the middle of the floor instead of installing waste bins. Every sheet of paper – regardless of the sensitivity of the data upon it – is shredded securely and, thus, the organisation has every angle covered.
GDPR isn’t going to go away, so dealers still have plenty of time to educate customers on the benefits of maintaining their own high-security document disposal solution.
Don’t forget to follow Dealer Support on Twitter!