Click to view the latest updates on our services.  Service Status Update.

contact call08003764422


Restore Datashred News

/ Categories: Archive

Data Controllers and Processors, A match made in GDPR heaven


With the new EU General Data Protection Regulations inching ever closer, GDPR is on the agenda for most businesses.

We thought we’d take a look at an aspect of confidential paper shredding and data destruction that relates to GDPR.

It all stems from a fundamental element of our shredding process; the fact that confidential data needs to be both controlled and processed.

This means that there are two clearly defined roles; data controllers and data processors.

Who controls and who processes?

Put simply, our clients, the businesses for whom we provide our shredding services, are data controllers and we are their data processors.

We recognise that data controllers need to prove to the people that they report to that they have chosen competent and compliant data processors.

As a result, data controllers need to be able to ensure that all procedures are being adhered to and all regulations complied with when confidential data is being processed and destroyed.

GDPR Compliance & Secure Shredding

In light of GDPR, renewed focus is being placed on the secure retention and destruction of personal data. While GDPR will update data protection legislation, in the event of a data breach right now, non-compliance would result in a fine.

Do you know if your current shredding service would meet current regulations, let alone the updates that GDPR will bring?


Compliant, Competent, Reliable Shredding

There are three areas where you can demonstrate that, as a data controller, you are employing the services of a proficient data processor.


An ability to show that the shredding process being used is trackable will be vital for GDPR compliance. A reputable shredding company will be able to provide a thorough audit trail.

Ensure that your shredding service provider can show that they:

  • Uses lockable confidential data consoles to dispose of sensitive documents
  • Never leaves any waste unattended
  • Complies to BS EN15713:2009 standards
  • Stores all shredded material securely

Cost vs compliance

Storing documents and data in an unsecured place may reduce costs but they will increase the risk of data breach and any subsequent fines.

By using a regular document destruction service with a trusted supplier, you can remove any storage-related risks.

A fully-accredited shredding company will have the sufficient security levels to ensure the integrity of any data that they process.



The decision to keep paper documents for a fixed period of time will differ from sector to sector.

Businesses will have different requirements based on the data and documents that they control and manage.

Data controllers will probably know what those requirements are but an experienced shredding company should be able to offer help and advice.

As you can imagine, as a fully-accredited secure shredding company we can offer help, support and compliance with all of the factors highlighted here.

If you’d like to find out more about how we can build a strong data-controller/data-processor relationship with your business, contact our team today.