Shred your way to GDPR compliance



Newly commissioned research has revealed widespread confusion around impending changes to EU data protection laws:

  • Almost half the 1,000 UK office workers surveyed did not know if their employers were taking action to comply with GDPR.

  • 44% of respondents said they had seen printed confidential documents at work.

  • 32% had accidentally seen private emails and documents on a colleague's screen.

  • 20% admitted to never shredding sensitive material, which amounts to 3 million people nationwide leaving personal information vulnerable to misuse.

GDPR covers personal data and sensitive personal data in electronic and physical formats

It’s important to consider what kinds of data the GDPR will apply to, before constructing a compliance policy for your organisation.

Data within scope of the GDPR includes any information about an identifiable person. Some examples of GDPR-covered personal data include full name, e-mail address and phone number.

The GDPR also applies additional protections to a sub-category of personal data, called sensitive personal data.

The GDPR is concerned with personal data handled by organisations in both electronic and physical formats, such as paper documents.

Why does paper security matter?

It is now pertinent to address the issue of paper security within organisations and why it is a key concern for businesses as they prepare to meet the GDPR’s requirements.

In fact, a 2014 PwC report, in conjunction with records management company Iron Mountain – which surveyed European mid-market companies about how they perceive and manage their information risk – found that two-thirds of respondents said that managing the risks associated with paper records was a top concern.

While digital threats are high on an organisation’s agenda, it would be a mistake to assume that paper-based security risks have gone away.

Paperwork still accounts for many common security breaches.

Of 598 data security incidents recorded between July and September 2016 by the UK’s data protection regulator, the Information Commissioner’s Office (ICO):

14% were due to the loss or theft of paperwork, a further 19% were posted or faxed to the incorrect recipient and 4% were due to data left in an insecure location. Another 3% were due to the insecure disposal of paper. So despite an exponential rise in digital technologies, 40% of incidents were attributable to paper.

See the ICO website for more information: www.ico.org.uk

[Chart: paper-related data security incidents by type: data left in insecure location; loss/theft of paperwork; data posted/faxed to incorrect recipient; insecure disposal of paperwork]

What is hampering staff cooperation with GDPR compliance?

1. Lack of Awareness

Employees generally perform activities which are clearly highlighted as a priority by their managers. With this in mind, a clear and firm document shredding policy may solve many inefficiencies.

The 2014 PwC/Iron Mountain survey of European mid-market companies notes that just 40% have clear employee guidance on internal disposal and storage of physical documents, and only 27% have company policies for the safe security, storage and disposal of confidential information.

2. Ease of Use

A second common cause of employee non-compliance with document shredding is that the task is difficult and time-consuming.

While workers may have access to shredders, not all of them will shred the necessary documents if the activity takes significant time or is difficult to manage.

Unsurprisingly, no organisation wishes to invest in shredders that its employees are likely to neglect because of poor productivity or ease-of-use barriers, so these issues should be solved to ensure maximum use.

BEST PRACTICE:

Get rid of all of your office bins and provide a shredder in the middle of the office workspace for ALL paper to be shredded after use.

A small bin for recycling/food waste could also be provided to encourage a greener-thinking working environment – something your business can shout about.


© 2022 by Cahoots.

DISCLAIMER: It is your responsibility to ensure that your documents and materials meet any regulatory, legal or statutory requirements as applicable to your business. We take every reasonable measure to ensure that our documents are compliant and up-to-date; however, the content is provided as guidance only and does not constitute legal advice or denote full compliance.
