The UK has moved into a new financial year. With this, we are one step closer to the changes that the GDPR is set to introduce on May 25th. With GDPR compliance high on the agenda, HSM UK discuss why the turn of the new financial year is the perfect time to update your processes for dealing with old documentation.
It’s a substantial time of year for UK businesses and in particular anyone involved in finance. Routine updates include the new financial year, which began on April 1st 2018 and the Fiscal year which began on April 6th 2018. In addition to this there is now less than a month until the EU’s new General Data Protection Regulation comes into play, a concerning milestone for some.
As nearly one in four finance businesses expect not be ready for GDPR on the 25th May, it’s still clear that some still have work to do. This isn’t to mention the finance departments, individuals and other areas of UK businesses including HR, legal and marketing departments, that are still feeling underprepared.
Although some have already made their preparations for GDPR, the remaining few should see this time of year as a way to start afresh. Using the new financial year as a prompt to audit the documents in your possession and deal with them accordingly could be the motivation that’s needed to continue good habits in time for GDPR. After all, clean and secure desks mean clear minds.
For many involved in finance, the new financial year is a time where documents including tax reports, salaries, pension schemes and other confidential information are present in the workspace. With so many sensitive documents being passed through premises at this time it’s important that any data handlers are adequately equipped to deal with them.
The UK government holds various requirements regarding financial documents and data. For example, a limited company must keep records for 6 years from the end of the previous financial year. So, as you can imagine, it’s common for old documents to be stored past this requirement. However, documents such as these often contain commercially sensitive and indeed personal information that should be effectively destroyed once it’s no longer required. A requirement of the new regulations.
The first step, after awareness, is an information audit. It’s highlighted in the ICO’s 12 step GDPR guide that you should organise an information audit. So, whether you’ve already cleared your offices of old documents or not, it’s important to understand the information that is being held in your building at present.
Although some may already have their document cleansing processes set in place for a new financial year, it may not be up to GDPR standards. Some methods can result in old documents being discarded or at least put to one side to be dealt with at a later time. This will no longer do.
With GDPR holding a stronger requirement for a strategy on both electronic and paper data security, the view on old documents – whether hard copies or digital copies – is now becoming more commonly recognised. The new financial year should ignite these new data cleansing processes, with finance departments leading the way for other internal departments to follow suit.
Safety and security
Whether an individual or a large business involved in areas such as finance or HR for example, if you handle sensitive information and wish to remain secure you should have plans to shred documents in-house.
External shredding services promote convenience as a main selling point but what’s convenient isn’t always as secure as it could be. Questions are being raised over the effectiveness of these services, and in particular, people are challenging the validity of claims being made on both security and cost-effectiveness.
The reality is, when you break external services down, your sensitive documents could be passed through various sets of hands as it goes through a process which includes transportation and storage.
It’s important, then, to shred where you work. This renders the documents harmless at the point of use and removes the possibility of them being misplaced in transit or storage. Not to mention the other security risks third-party services pose such as documents not being shred to their required security P-level.
Shredding internally as part of a routine is the best policy for remaining compliant. As many documents could be left lying around from the turn of the new financial year, this is an optimum time for departments such as, but not limited, to finance, to get involved in routine shredding.
As a general rule of thumb, you should also look to shred little, and often. Shredding at your desk gives you the option to shred little amounts often meaning you avoid arduous long periods stood at a shredder. A clean desk mentality is vital if you’re handling sensitive information.
A new routine at a vital time
There’s no longer an excuse to not remain compliant. Whether you’re part of a small home office or a large financial department – there are a range of shredders which can suit the requirements of anyone.
It’s time to change your routine. Shred everything, shred where you work, shred little, and shred often.