Back in 2015, the European Parliament and Council reached agreement on the General Data Protection Regulation (GDPR). Fast forward 2 years, and we are entering the last 6 months of a transition period given by the EU to prepare for the change. And believe us, there’s a lot of change on the horizon. So if you haven’t started looking at your business and preparing for GDPR, you need to start now. And while legal and IT might be at the top of your list, we recommend you take a look at your paperwork processes too, as they could soon represent a huge compliance issue for your business.
What is GDPR All About?
So unless you’ve been living under a rock, you probably know the basics of GDPR. In short, it’s the EU’s answer to data protection, introduced after it noticed that people’s data was being treated with various levels of security depending on the country it was in. This led to all sorts of risks, particularly if data was being used in countries with laxer data protection laws. Thus GDPR was born. GDPR is a universal regulation (which, unlike a directive, is mandatory) that will apply to all EU countries. Not only that, but it will also affect any non-EU organisation that handles any EU citizen data, making it the most wide-reaching EU regulation in existence. In other words, the EU are really serious about protecting personal data.
But Why Will This Affect My Paperwork?
At this stage, many business owners are focussing on their IT infrastructure, shoring up weak spots and making sure everything is compliance ready. But GDPR is all about getting organisations to really think about the way they handle data, and much of that data can still be found in paper records. GDPR sets out specific guidelines on how that data is acquired, handled, stored and destroyed, all of which is much more complex on paper. But there are a few things you can do to make compliance easier:
- Ensure You Can Find What You Need –
One of the sections within GDPR states that all individuals have the right to ‘be forgotten’. In other words, any EU citizen can demand that a company destroy all data held on them, and the company has to comply. While it’s easy to search and delete within a digital database, the same can’t be said for paper records. So in order to be compliant with this section, you need to know where everything is. To do this you might need to reorganise your filing system so that you can easily find data to destroy.
- Remember The Double Life of Paper –
Paper is a fickle thing, so clearly defined processes for managing information from creation to destruction might not be enough on their own. Paper can easily slip through the cracks of even the strictest information classification and storage policies. Documents can be copied, printed, just left lying around, carelessly destroyed or even removed from the building. In order to protect against this, we recommend combining your new policies with regular employee training and communication that reinforces the importance of document security.
- Build Privacy Into Your Processes –
As we said earlier, GDPR is designed to bring privacy to the forefront. This means that every element of how information is produced, managed and disposed of should be reviewed for compliance. It should be difficult, if not impossible, for an unauthorised person to access documents that contain personally identifiable information. If your processes aren’t that secure, you only have 7 months to make changes.
At Greenaway, we specialise in the final piece of the puzzle – document destruction. Our experts are on hand to help businesses store unwanted documentation securely and ensure it is destroyed properly. By installing one of our storage bins, you can ensure documents aren’t at risk once they are no longer needed. Coupled with our secure document destruction service, you can be sure that your paperwork is GDPR compliant. For more information, get in touch with us today.