
Restore Datashred News

Just checking in: how’s your GDPR compliance?

So, as mentioned, in 2019 the ICO outlined that a number of businesses would be subject to large fines for failing to protect confidential data. These fines were handed down to leading medical pharmacies, airlines (think BA) and high street chains, for example, that failed to protect the data they stored and processed. These failures included the theft of half a million customers’ detailed account information through an online scam, and the dumping of half a million medical documents containing sensitive information in unlocked containers. The former incurred a multi-million pound fine, the latter one for £275,000.

No matter the size of the punishment, it is clear that the ICO’s net can close in on a business to devastating effect if information falls into – or is targeted by – the wrong hands.

How do you plug the gaps?

It is important for businesses of all sizes to have a data destruction process, better known as a retention and disposal policy, in place to ensure that all confidential information is protected. You should be able to prove chain of custody throughout its lifecycle.

As our ‘medical documents in an unlocked container’ story shows, disposing of material – whether on paper, hard drives, USB sticks or even branded textiles, for instance – is just as important to your and your customers’ reputations as having well-run document management up to the point of disposal. You don’t want to keep it securely and then simply chuck it in the bin; you need to make sure you send it to be destroyed so no one else could possibly use it.

Restore Datashred is an accredited supplier when it comes to the handling, removal and destruction of confidential data. We like to say that we’re ‘serious about shredding’ and it’s true – it is our business to guarantee your confidentiality and the security of all our processes and we work hard to ensure this.

Our services are backed by leading governing bodies within the UK, including the ICO, BSIA and UKSSA. These are just a few of our leading accreditations that give you the peace of mind that Restore Datashred is a compliant and competent supplier of end-of-life data destruction.

So, there are a number of simple steps you can take to make sure your business processes are secure when you dispose of your confidential data.

Step 1
Don’t chance it, just destroy it! – there are many instances of businesses only destroying documents that they deem to be confidential, leaving others exposed to those with ill intentions. Help reduce your exposure and adopt a ‘shred all’ policy. This will protect against digital breaches and physical theft. By partnering with a company like Restore Datashred you can be sure that your paper, hard drives and media or textiles will be destroyed correctly.

Step 2

Start to draw up a retention and disposal policy – no matter whether your records are stored in the cloud or physically in a filing cabinet, it is essential your policy has you covered. This safeguards each item from the moment it is produced to the moment it is shredded – and all within the correct retention period. You can download Restore’s Retention and Disposal guide here to find out more about how long you should store your confidential documentation and digital media.

Step 3
Think shred, think Datashred – if you have any archive boxes, shredding sacks or ad hoc shredding requirements then speak to the knowledgeable customer services team at Restore Datashred today. They can advise you on the best course of action to make sure that all your confidential materials are destroyed in line with the government standard BS EN15713.

Data protection in a changing world

A question that many businesses have is whether, after much effort and investment, the GDPR will still be relevant once the UK has finished the transition period and left the EU.

According to the ICO:

“The GDPR is an EU regulation and, in principle, it will no longer apply to the UK from the end of the transition period. However, if you operate inside the UK, you will need to comply with UK data protection law. The government intends to incorporate the GDPR into UK data protection law from the end of the transition period – so in practice there will be little change to the core data protection principles, rights and obligations found in the GDPR.

The Data Protection Act 2018 (DPA 2018), which currently supplements and tailors the GDPR within the UK, will continue to apply.

The provisions of the GDPR will be incorporated directly into UK law from the end of the transition period, to sit alongside the DPA 2018.”

Of course, if your company will continue to import data from or export data to any EU territory, then the GDPR will still apply.
 

For full details, please view and regularly check for updates:

https://ico.org.uk/for-organisations/data-protection-and-brexit/information-rights-and-brexit-frequently-asked-questions/
