Contributed by Rexel
A full year has passed since the EU’s General Data Protection Regulation (GDPR) went into effect. Some firms have adapted quickly and with ease while others lag behind. The EU Commission has received over 95,000 complaints in the time since the new rules took effect, the most notable example being the £44m fine Google incurred over how the site uses data to target ads.
Hopefully by now, your business and your customers’ businesses have taken proactive steps to become fully compliant to the stricter data compliance laws. However, recent research conducted by ACCO Brands, Europe’s leading manufacturer of office supplies including leader in shredding Rexel, revealed concerning results that indicate that UK businesses may not be as prepared for GDPR as they think.
- 30% of survey respondents believe GDPR only applies to digital data
GDPR regulations apply to both digital data and “personal data processed in a non-automated manner which forms part of, or is intended to form part of, a ‘filing system’.” While digital data breaches tend to grab most of the headlines, physical data noncompliance is just as much of a risk and is often overlooked.
The paper documentation a business keeps may contain private and sensitive data about its customers and partners, such as addresses, telephone numbers, insurance numbers, and more. Improper handling of this information can not only lead to large GDPR fines and penalties, but also bring about negative consequences and unwanted solicitation for customers.
- 75% have not yet updated their approach to physical data management
Many firms have invested in new or improved cybersecurity measures in order to become compliant, but three quarters of businesses have yet to address issues with physical data. Many have moved their vital documents into digital or Cloud-based storage systems but have failed to devise an appropriate solution for handling the physical records once they have been digitised.
The loss or theft of paperwork are among some of the most common incident types reported to the Information Commissioner’s Office (ICO), the UK independent authority upholding information rights. This is a major risk for businesses, as they could face enforcement action from ICO. Action needs to be taken now to avoid future penalties.
- 65% confirm they have not purchased paper shredding equipment as a result of GDPR legislation.
Shredding is the best way to ensure that all physical data is appropriately destroyed and to safeguard your customers’ and partners’ personal information. Simply throwing away or manually tearing up documents is not enough to protect this valuable data and meet compliancy standards.
- 53% of businesses still have zero or one shredder.
If a business falls into this category, now is the time to introduce new shredding technology into the workplace. Rexel’s shredders feature Auto Feed and intelligent jam technologies to eliminate the time-consuming tasks that may have previously put non-users off shredding. With the right shredders, and enough of them, physical data security and GDPR compliance are much quicker and simpler to accomplish.
- 52% of consumers still don’t understand shredding security levels.
Though GDPR does not specify which level of shredding security is required to be compliant, it is better to be safe than sorry. Cross cut and micro cut shredding are the most secure options, as they produce the small paper particles that are impossible to piece back together as opposed to large strips. Businesses with traditional strip shredders may want to consider trading up to these more secure cuts in order to fully safeguard data.
As businesses throughout Europe continue to adapt their digital data to meet GDPR standards, there is still much to be done to secure physical data. A year on, and the clock is ticking.
Now is the time to encourage your customers to update their data handling practices with new shredding technology.
Don’t forget to follow Dealer Support on Twitter!