By Sammy Bartley
As you probably know by now, GDPR came into effect today. So what does this mean for your office?
Part of the new criteria states that any company which processes or stores personal information relating to European citizens must comply with the stringent new laws relating to data privacy and storage. This includes any personal data kept on file, whether physical or digital.
One thing is very clear, your organisation cannot afford to take risks with the personal data they hold and a robust data protection policy is crucial.
Although this sounds daunting these regulations protect consumers against companies that hold inaccurate and unneeded data about them, as well as ensuring greater emphasis is put on prominent and unambiguous customer consent with the ability to withdraw at any time.
A recent survey from Fellowes found that:
- 31% of office workers said their business wasn’t taking action to ensure data was compliant with GDPR
- Only 41% said they have had training on how to deal with GDPR
- 43% said they believe there is data in their organisation that isn’t secure
- 19% said they never shred office documents once a week
- 44% admitted that they throw paper documents into bins without shredding
- 37% admitted they had seen a private email or document on their colleague’s screen
The new regulations means you need an effective, documented and auditable process in place for the destruction of confidential information, including the secure shredding of obsolete sensitive paperwork.
Let’s look at a few ways you can ensure confidential information is handled correctly:
- First step is to conduct a data flow exercise to understand what data you currently hold, where has it come from, where is it stored, why have you got it, who has access to it and is it shared to any other party
- If you don’t need personal data, or are holding more information than you need to about individuals, securely destroy any printed documents by shredding
- Ensure your business has a robust policy to deal with unneeded records, such as a compulsory requirement to delete expired digital documents
- The GDPR gives individuals more rights than the current Data Protection Act (DPA) to access their personal data from a company. Companies must respond within one month to requests
- Inaccuracy in personal information is one of the subjects covered by the GDPR, so if you know a record is inaccurate, either delete it or securely shred it to minimise the risk of further inaccuracies, mistakes or negative consequences for the person it relates to
Find out more about GDPR at www.fellowes.com
About Sammy Bartley
Sammy Bartley has been working within the office supplies industry for over 20 years and is a qualified GDPR Practitioner offering advice and comprehensive solutions in preparing organisations for readiness with the new regulation.