Why it’s important not to let standards slip over confidential data disposal
Some days, we bring our A-game. Other days, we’re happy to let things slide a little…but that’s a terrible idea when it comes to your confidential data disposal.
One slip, like throwing out a document containing sensitive information without shredding it, could land your business with a massive headache and a large fine. For example, one London pharmacy was fined £275,000 after it left confidential waste in unlocked containers outside its site.
To avoid that, your confidential data disposal processes must be consistent, and your employees must adhere to them strictly.
What is confidential data?
This is data containing any kind of confidential information that might identify someone – from names, addresses, and email addresses to bank details, national insurance numbers, and personnel records.
The General Data Protection Regulation (GDPR), which governs the storage and processing of this data, also includes IP addresses in this category.
What does GDPR say about confidential data disposal?
It says this data must be gathered in the correct way, stored securely, and processed and disposed of safely.
In other words, your business needs to have processes in place to ensure data is stored securely online and in physical documents.
A data controller must be appointed to oversee this.
If there is any data breach involving confidential data, this must be reported to the regulator within 72 hours. In the most serious cases, where there could be financial loss or risk to the people whose data was breached, the business must also inform them directly.
If the business’s processes fail, causing a serious breach, then it could face a fine of up to 4% of worldwide annual turnover, or two million euros. The fine limit for less serious breaches is 2% of worldwide annual turnover or ten million euros.
How should your business protect itself?
Your business needs robust cybersecurity to protect its computers and the information it holds online in the cloud.
It also needs to ensure confidential documents and old hard drives are shredded to prevent data from falling into the wrong hands.
Outsourcing your confidential document shredding to a secure shredding company like Venture Waste makes so much sense.
Your staff are freed up to help customers, chase new business, and deliver your goods or services.
You get the peace of mind of shredding to the size of a dust particle, if necessary, by vetted workers at licensed facilities with 24-hour security.
You could also opt for on-site or mobile shredding at your premises, so your sensitive information doesn’t have to leave your site before the documents are destroyed.
Hard drive shredding means no clever hacker is going to be able to retrieve deleted files.
Your business is issued with a certificate of destruction for every load, which you can show to any regulator, such as the Information Commissioner, as proof of its responsible attitude to confidential data disposal.
The paper and metals produced by the shredding are mixed with other loads and recycled, making your business more sustainable.