Setting up a regular schedule for data destruction can help you comply with the GDPR and the recommendations of the ICO.
The forthcoming General Data Protection Regulation (GDPR), which comes into effect in May 2018, places several new requirements on businesses in terms of how they collect, process, store and delete confidential information on customers and others.
The GDPR aims at bringing data protection legislation in line with the way we live, work and shop today. Existing data protection laws were drawn up before the internet was such a major part of our lives, and before we used digital devices to connect to it hundreds of times a day.
Now, we’re sharing more and more of our data with more and more businesses and organisations, sometimes without even being aware of it. The GDPR is intended to restore the balance between individuals’ rights and the demand for quick, responsive digital services and experiences.
It covers a range of areas, including what constitutes lawful data processing, how people must give consent for their data to be collected and used, how they can ask to see their data and have it deleted and what organisations must do in the event of a data breach.
With the GDPR shining a spotlight on the justification for storing data, many firms will be looking to sharpen up their processes for disposing of data once it’s no longer needed.
The Information Commissioner’s Office (ICO) recommend auditing your process trail for handling confidential data (and can also carry out its own audits). Disposal of data is one of the areas that is examined during an audit, under the broader heading of ‘Records management’. Auditors look at aspects including information asset registers, retention schedules and destruction records and certificates.
The best way to ensure that the destruction of paper records and digital media is compliant with the GDPR, and ICO guidelines, is to work with a professional shredding company. Shredding firms such as Shred Station can offer a regular shredding collection, in line with your retention schedules, so you never end up holding paper records for too long.
They can also dispose of digital media such as hard drives, data disks and flash media, so you can make absolutely sure that unwanted digital records have definitely been disposed of and cannot fall into the hands of data thieves.