IS YOUR PAPER DATA GDPR COMPLIANT?
Privacy laws changed in May 2018 and the General Data Protection Regulation (GDPR) became law. This means that businesses need to have appropriate security measures in place to protect any personal data that they hold. Sensitive or confidential paper documents with personal details need to be securely destroyed when they are no longer needed. Simply disposing these types of documents in a bin can put you at a risk of a data breach and the consequences of this can be disastrous.
Personal data means any information that can help identify a person with details including, but not limited to: Names, location details, identification numbers and contact details.
When it comes to data security for paper documents that you no longer need, there is no greater peace of mind than using a shredder to securely destroy them. Fellowes shredders safely destroy paper documents so hard copy data that is no longer required cannot be read or accessed anymore. So, you can Keep it Confidential, always.
Recent research by Fellowes shows that:
• Nearly 50% of people in an office don’t use a paper shredder to dispose of confidential documents with personal data.
• Over 50% of people see confidential information or personal data left unattended in an office.
• Over 55% of people don’t know that compliance with GDPR is everyone’s responsibility.
Here’s why a shredder is an essential tool to keep you safe:
Take control and take action to keep it confidential now with these tips:
• Dispose of any documents no longer needed by shredding them
• Don’t leave confidential documents lying around
• Don’t dispose of documents with personal data carelessly, even if you tear them up a few times!
• Ensure you have a reliable paper shredder to hand, to securely shred documents with any personal data
• As a minimum, Fellowes recommends using a cross-cut shredder for enhanced security (DIN LEVEL 3-4)
Choose your shredder now
Fellowes has a broad range of shredders from personal to large office and department shredders. Different features such as 100% Jam Proof and Silentshred™ mean that you benefit from a reliable and secure performance every time.
Whatever your requirements, from personal, home office, auto-feed (walk away) to heavy duty use, Fellowes has the shredder for you. Choose your safe, reliable and robust security companion here.
GDPR and your paper documents
The European Union (EU) rules on data protection changed on 25 May 2018 with GDPR becoming law.
GDPR affects all businesses and even though data protection may make us think of digital data security, it’s far more than that. It’s important to carefully assess the protection, storage and disposal of confidential documents in paper too. We’ve pulled together some information to help you identify and tackle possible problems.
A GDPR Summary – what’s new?
EU data protection law has always required businesses to protect personal data against unauthorised or unlawful processing, and accidental loss, destruction or damage. This includes data stored on paper. However, the GDPR adds a few extra demands.
• New rights for individuals on how their personal information is held and used
• New data security levels
• New demands to report GDPR breaches to the regulator
• New requirements on demonstrating compliance to the regulator
Considerations for paper and data security
When it comes to applying and adopting GDPR, sensitive or confidential paper documents and files pose a specific set of challenges to businesses. As with any personal information held, businesses need to look at how the information is stored and consider:
1. Whether we still need it
2. Whether we need to use it in the way we do
3. Whether everyone accessing it really needs access to it
Here are a few special considerations when it comes to paper:
Simply printing a document and forgetting you’ve done so can create a security risk. Ask yourself: Who might accidentally pick up that document?
Each time you send a document to print through a wireless printer, you run the risk of security breaches via the Internet. Try restricting print permissions and tracking print jobs using specialist software to help prevent this.
Scanning turns printed documents into digitalised versions of themselves, which can be opened and read by anyone. Add password protected privacy filters to your scanning system to help counter potential threats.
Documents which you still need to hold must be stored in a way that allows them to be easily traced and located if required. Sensitive documents need to be stored in locked cabinets and access restricted to a certain number of people within the business. Hard copy records don’t have to be intimidating. Create and maintain an efficient records management system with these practical tips.
Breaching the GDPR could cost €millions
It’s never been more important to take care of the data businesses hold, including paper documents. Leaving sensitive paper files on public transport, keeping data longer than we need to, or disposing of it incorrectly are all easy mistakes to make - but they can also be very expensive ones. Breaking the new rules could cost up to 4% of your global annual turnover, or a staggering €20 million (whichever is higher).
Did you know?
Under the GDPR, everyone whose personal data is held by an organisation will have new legal rights. These are the Right to be Forgotten, the Right To Data Portability and the Right To Object.
• Get to know your new responsibilities when it comes to hard copy data.
• Read up on the new rights people have under GDPR.
• Double check how hard copy personal data is processed and stored by your business.
• Revisit your data destruction policy.
• Do you need to implement security shredding?
• Identify weaknesses in your paper management system, as well as in the systems of businesses and services you share information with.
• Train your team members so they’re up to date on the new regulations and understand the importance of secure document disposal.
Did you know?
80% of European companies experienced at least one cybersecurity incident in 2016). (Source: http://europa.eu/rapid/press-release_IP-17-3193_en.htm)