When it comes to running a business, nothing is every simple. This goes double for your paperwork. Even though more businesses than ever are aiming for the ‘paperless’ goal, paperwork is still a huge pain point. There are a huge number of processes that need to be followed with paper, and many more industry specific rules. But there are some key regulations that govern how businesses manage paper, and you need to know what they are, and how you can stay compliant. So that’s what we’re going to do today!
Companies House Filings
Of course, as a UK business, you have some basic obligations for paperwork with Companies House. These obligations are mainly around what you need to keep, and for how long. Every UK business is required to keep the following documents for 6 years:
- Accounting records
- Stock records
- Details of goods bought and sold, including parties involved (unless you are running a retail business)
- Financial records (such as receipts, petty cash books, delivery notes, copies of invoices, contracts, sales books)
- Balance sheets
- Profit & loss statements
- Financial forecasts
Because these records are highly sensitive, businesses also need to stay on top of destroying these once that 6 year timer runs out. Otherwise, you are leaving your business open to identity theft and fines from companies house. That’s where your shredding partner (you do have one, right?) comes in – we help you destroy these documents securely and on time.
On top of that, you will need to keep a few bits of paperwork indefinitely, like:
- Detailed record of the company
- Results of any shareholder votes
- Specifics of any company loans
- Record of share purchases and sales
The Data Protection Act is the final authority in how your business should be handling data. You might think you don’t really handle data in paper form, but we can guarantee that you do. The Data Protection Act defines 2 types of data businesses can hold on people (customers, suppliers, employees and more).
- Personal Data – Personal data is defined as data which relates to a living individual who can be identified from the data, or from the data and other information which is in possession of, or likely to come into the possession of the data controller; and it includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
- Sensitive Personal Data –
Sensitive personal data is defined as personal data consisting of information relating to the data subject with regard to racial or ethnic origin; political opinions; religious beliefs or other beliefs or a similar nature; trade union membership; physical or mental health or condition; sexual life; the commission or alleged commission by the data subject of any offence; or any proceedings for any offence committed or alleged to have been committed by the data subject, the disposal or such proceedings or the sentence of any court in such proceedings.
That might all seem like a mouthful, but it basically means any data on an individual is covered by the Data Protection Act. So you are under obligation to keep this information secure, accurate and up to date. You must also ensure this data is not kept any longer than it is needed, and destroyed securely (with evidence) when it is no longer needed.
Of course, The UK Data Protection Act is living on borrowed time now. In May 2018, this act will be will be replaced by the EU regulation GDPR (which we have talked about before). Luckily, if you are compliant with the Data Protection Act you shouldn’t have too much of a problem getting your paperwork ready for GDPR. The main changes will be the ‘right to be forgotten’ and an intensified focus on privacy. This means you will need to ensure that you can easily find all paper records for individuals in order to destroy them, if requested. This on its own has lots of businesses scrambling to either redefine their filing systems ‘by person’, or to make the switch to paperless working. Either way, you need to be confident you can find everything you need if one of these right to be forgotten requests comes in. The second thing GDPR will affect in your paperwork obligations is privacy. You will need to analyse your processes and ensure that all data is kept secure and private. No one should be able to access documents if they aren’t authorised, and paperwork should all be destroyed properly and securely every time.
At Greenaway, we help businesses get (and stay) compliant with their paperwork obligations by providing a secure method for document destruction. Our secure paper and hard drive shredding services ensure that your documentation is destroyed properly, and a full record is given of that destruction. That means you are not only meeting your privacy and destruction obligations, but you can prove it too. To find out more about what we do, get in touch with our team today.