Comply with GDPR by May 2018 – are you prepared?

What is the GDPR? It is the new EU General Data Protection Regulation, and before you think there is no need to worry about it because we are leaving the EU, we will definitely have to comply with it: it applies to any organisation that deals with any person who lives within any of the 27 Member States. We will also need to comply because, however long it takes the UK to exit the European Union, that will potentially be several years after the regulation is implemented. Our own Information Commissioner, Elizabeth Denham, said at a conference in January: “I want organisations to think to themselves: ‘we base our online user experience around what consumers want. We shape our products and services around what consumers want. We need to shape our data protection approach around what consumers expect’.”

So it’s definitely on its way, but why is it so important? The main stick the regulation uses to ensure an organisation complies is punitive: a potential fine of up to 4% of annual global turnover or Euro 20,000,000. That’s 40 times higher than the current upper limit for fines set by the Information Commissioner’s Office (ICO) at present – ouch!

All Directors Could Face Penalties

The other major difference in the penalties is that all the directors of a company can be prosecuted if the business fails to comply, and that can be up to a whopping £500,000 each. Directors therefore need to take a good hard look at the guidance coming out of the ICO for the United Kingdom. Last month the ICO published a really sensible guide to the process called “12 steps to take now”, which advises: you should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit across the organisation or within particular business areas.

Become GDPR Compliant With Shredded Neat

Here at Shredded Neat we have the capability to help you comply with certain aspects of the regulation for the data you already hold, once the various locations of your data have been established. The traditional form of data storage has been, and for many businesses still is, paper-based: files in filing drawers, ring binders sitting on shelves and documents packed away in archive boxes, either in the business itself or, often, stored offsite in secure storage.

In any event, once all the locations have been identified you can decide at that stage whether it makes sense to reduce the sheer volume of documentation you hold. Sometimes this can’t easily be done, as most financial records have to be held for at least 6 years, or in the case of a GP’s medical records, they must be held for 10 years after the patient has died!

It is clear then that any organisation needs to understand what needs to be kept and for how long, but any paper records past the required dates should be destroyed. We offer a range of services, including Mobile Onsite Shredding with our Mobile Shredder, or securely collecting the records and shredding them on our superfast new shredders at our Ditchling Depot, which is known as Off-site Shredding.

Over the last 40 years, however, data has migrated to lots of different hard media, starting with microfiche (yes, remember that!), magnetic tape, CD-ROM and hard disk drives, as well as being embedded in many types of IT equipment in various forms. We have the facilities to destroy data on whichever media it is stored at your premises, and we use a variety of techniques to ensure that any media is destroyed fully and properly to comply with the GDPR. If you contact us we can advise on the most secure data destruction process for any data before collection if required; all IT equipment is covered by our processes for handling Waste Electrical & Electronic Equipment Destruction.

The review required by the GDPR must also include data held in ‘the Cloud’. The computing resources managed by a cloud provider may be located outside the UK. A large cloud provider may have a number of data centres, each of which could be located in a different country. This distributed architecture can improve the reliability of the cloud service, but it also means that it can be difficult to know where data is being processed and what levels of security are provided, both of which you need to know in order to comply with the regulation.

Contact the Shredded Neat team

With not long to go until the GDPR is implemented in establishments across the EU, make sure that you are fully compliant with Shredded Neat’s data shredding services. Call us on 0800 234 6660 to speak to a member of our expert team regarding all things GDPR, or if you prefer, leave us a message online and we will call you back as soon as possible.
