Blog


Managing Secure Document Storage to Comply with GDPR

 

The General Data Protection Regulation, or GDPR, was a set of new data protection regulations that came into force in May 2018. With potential new fines of significant amounts behind the legislation, many businesses are concerned about whether they are doing what they can to comply.

One area under the legislation to consider is secure document storage – but what is needed to comply?

What kind of documents need secure storage?

The first thing to consider is what kind of documents in the business need secure document storage. Not everything does, but some examples of those that would fall under the new rules include:

· HR files with personal information in them

· Data on clients such as addresses, phone numbers and payment information

· Medical files of any kind

· Personal files that identify an individual

Once you identify that you have these or other similar important documents, you can then look at how you are going to store them along with other considerations.

Accessing the information

One of the key rules in the new regulations is called the ‘right to be forgotten’. This essentially means that if an individual wants you to destroy all the information you hold on them, you have to do this. You also need to get rid of paperwork once you have no ‘compelling reason for its continued processing’, for example after a tax period has expired.

This means you need to be able to access the information if someone requests that you forget them. That’s why using a professional secure document storage company is an important part of compliance – otherwise, you need to be able to find it in your business premises. Setting up a system to identify where documents are kept and how to find them is also a part of the process.

Can you guarantee document safety?

Because these documents are considered to hold personal and sensitive information about someone, you need to make sure you can keep them safe. If you fail to do so, this is what is known as a data breach, and it needs to be reported to the data protection authorities. This can happen if someone leaves paperwork on public transport, a vehicle is stolen with documents in it, or someone breaks into the property.

However, most of the time, it is best to simply secure the documents in a secure facility and to ensure that any kept on the property are secured in locked cabinets. Make certain that staff don’t print or copy files unless it is necessary and that records are kept of how many copies there are and where they are located.

Correct disposal of documents

GDPR says you shouldn’t keep documents longer than is needed, so it is important to check the maximum time you are required to keep something. For example, if it relates to income or expenditure for the business, then it may be seven years for tax purposes. Whatever the case is, once the date has come for the documents to be destroyed, you need to ensure this is done safely as well.

That means using a secure shredding facility to collect and shred the documents. That way, you don’t have to rely on someone in the business to do this crucial task, and it ensures that the shredding is done in a way that no one will be able to put the documents back together.

GDPR headache

GDPR has been a headache for many businesses, but by following good practices and simply taking into account the changes, there’s no need for your business to be one of them. Make use of secure off-site storage and shredding to dispose of documents, and then you can be certain to comply with your part of the regulations.

For more information about our secure document storage options, get in touch with our team.
