What does GDPR mean for shredding in the office? Tayla Ansell finds out
After years of planning, preparation and panic, the General Data Protection Regulation (GDPR) is finally here. The new rules, which came into effect on May 25, 2018, give consumers more control over their personal data and require businesses to demonstrate greater accountability and transparency in their handling of consumer data.
Much of the focus in the run-up to GDPR has been on digital data, but the new rules also cover information on the printed page – how it is stored, how it is found and retrieved and, when necessary, how it is destroyed.
To find out more about the last aspect, P2P spoke to Darryl Brunt, sales and marketing director at Fellowes UK & Ireland, and Mark Harper, HSM Head of Sales UK&I – Office Technology.
“GDPR has clear directives around the disposal of confidential data, whether this is in an electronic or physical format,” explained Brunt. “In most instances, physical confidential data within GDPR’s remit is printed on paper and with this you have an inherent security risk… Shredding provides an easy, cost-effective method of disposal for paper-based confidential information.”
Not surprisingly, Brunt reports an increase in shredder enquiries in the run up to GDPR.
“In the closing weeks of the GDPR deadline, there was a very noticeable uplift in enquiries and sales of shredders and privacy filters,” he said. “Interestingly, the uplift in demand was seen right across the shredder range, from small deskside units for home/office workers through to large commercial machines for multiple user environments.”
Mark Harper stresses the importance of having clear policies about sensitive data and ensuring that all employees are aware of and understand them.
He said: “Organisations need to make sure they have a policy in place around the security, access, handling and destruction of documents and data carriers that contain personal and sensitive personal data. All organisations will want to safeguard their commercially sensitive data in the same way.”
He adds that the responsibility to keep data secure doesn’t end when you no longer have a need for it. “Sensitive documents also need to be appropriately destroyed at the end of their lives. The most secure way to do this (according to the DIN 66399 standard) is to have shredders dispersed around the office so that they are easily accessible to all.”
Brunt points out that businesses should also make sure their shredder has a high enough security level. “It is important to specify the right type of shredder for the destruction of data, and for anything more than low risk information, a cross-cut or microshred shredder provides a better level of data destruction,” he said.