New legislation called GDPR has hit the headlines over recent months, and this article explains how GDPR will affect the recycling industry and the need for data shredding.
What is GDPR?
GDPR is new legislation that is coming into force on 25 May 2018. It will replace all data protection legislation within the EU, including the Data Protection Act 1998. This new legislation will affect every business that trades within the EU or with member states of the EU, so even after Brexit, if you trade outside of the UK, this legislation will still affect your business.
The main aim of GDPR is to tighten the controls on how personal data is handled. This means that you will not be able to process anyone’s personal data without having explicit consent from them, and you must also have a legitimate interest to process it. Individuals will have the right to access all information you hold on them, and they can restrict the way you process their data.
Tighter controls will be required on how data is stored, and all data must be in a format that can be easily transferred from one IT system to another, should the individual request it. Companies will be required to have robust policies and procedures in place to ensure that all of their staff understand this legislation, and they must be able to demonstrate adequate procedures for securely storing and destroying personal data, and for dealing with data breaches.
How will GDPR affect the recycling industry?
If anything, this legislation will have a positive impact on the recycling industry. It will mean that all businesses will have to ensure that they securely destroy all personal data once they have finished with it. This will mean an increase in the recycling of confidential papers, hard drives and memory/storage devices.
GDPR legislation states that businesses must be able to demonstrate their compliance with the legislation. Part of this will be to ensure that they have secure destruction certificates for each disposal, and that their items have been shredded to EN15713 standards.
What will your business need to do?
It will be vital that you have adequate processes and procedures in place, and a clear understanding of what data you hold and why you hold it. A good starting point is to ensure that you understand the following within your business:
- What personal data you process
- Why you process personal data
- Whose personal data you process
- When in your business activity the personal data is processed
- Where in your business activity the personal data is processed
If you are unsure where to start, the Information Commissioner's Office has a free helpline for advice, or further details can be found on the ICO website.
How should your staff be educated about GDPR?
To ensure your business is compliant with the new GDPR regulations, all employees should receive adequate training to confirm that they understand the basis of this regulation and what their responsibilities are as an employee. They should also have a clear understanding of all policies and procedures that you have implemented within your business in relation to GDPR and demonstrate that they have a full understanding of these. Failure to be compliant with the GDPR legislation could leave your company liable for a fine of up to 5% of your annual turnover.
How can Blue Castle Group help?
Blue Castle Group has a vast knowledge of data shredding and security and is able to arrange confidential data shredding and secure destruction, either on site at your premises or off site at one of our data shredding facilities.
To discuss your data shredding requirements, please call our in-house expert, Barry Payne, who can guide you through your requirements and ensure you are compliant.