With just 34 days to go until GDPR comes into effect, how prepared is your business? Many business owners are combing through checklists to ensure compliance, shoring up their systems to make them impenetrable and easy to manage. But the area that’s falling through the cracks for a few people is the data destruction element. So today, we’ve pulled together a simple guide to GDPR with a particular focus on the data destruction element.
GDPR Awareness And Data Protection Policy
Everyone in your business needs to be aware of what GDPR is and what they need to do to ensure your business is complaint. Your data protection policy should include GDPR training and data security training for all employees, and the importance of adhering to your GDPR policy should be reinforced.
Data Processing Audit
Put aside some time to take stock of all the data your business processes and holds. Take stock of where it came from, how and when it’s updated and how long you hold it. Consider if you are recording data consent from individuals and what permissions you have for that data. Can you remove that data is someone requests it, and provide proof? Remember you will need to consider both paper and electronic documentation here. A few things to consider include:
- Quote processing
- Order processes
- Newsletter/mailshot lists
Data Access Audit
Once you know what data you handle and where it all is, look at how you use it and what you do with it. Who do you pass data to (in terms of other people and external organisations). How do you transfer the data to these people, and where do you hold the data to make sure it’s’ secure? Again, both electronic and paper data need to be considered here. A few examples include:
- Third party suppliers, shipper or subcontractors
- Data storage
- Archiving
- Data deletion and destruction
Data Destruction Policy
Once you know everything there is to know about your data, you need to create a complete data destruction policy, and communicate it to everyone in your organisation. When you write this, keep it simple and easy to follow to ensure maximum adherence. Your policy should include at least:
- Placing confidential documentation and data into a locked, secure receptacle.
- Creating separate receptacles for paper and electronic media.
- Arrangements for the collection and destruction of data.
Outsourcing Data Destruction
If you aren’t sure you can handle the destruction of your data in house, then you need to look into outsourcing it. In the past, this step was seen as more of a luxury by many, but now it is more important than ever for your business to be compliant with data destruction. Outsourcing your data destruction provides you with a simple audit trail for each step of your data, and provides your compliance with GDPR, including certificates of destruction. If you choose to outsource your data destruction, your should ensure your provider is properly accredited with UKAS accredited ISO 9001 incorporating EN15713, or PCI DSS compliance (for credit card data).
At Greenaway, we partner with businesses across the South to help them stay compliant with GDPR. Our outsourced shredding services create a simple and easy way to provide complete destruction compliance. Our experts can provide you with a secure shredding console to store unnecessary data in, and our team can bring the shredding centre to your door and provide you with a certificate of destruction when it’s all finished. For more information, or to arrange for your secure shredding console, get in touch with us today.
Recent Comments