GDPR: compliance or contravention?

It’s just over a year since the General Data Protection Regulation – GDPR – came into force. Some companies have taken it in their stride and are meeting their legal obligations, but a considerable number are either still lagging behind or are not as compliant as they think they are.

GDPR came into effect in May 2018, and in the following eight months, over 95,000 infringement complaints were made to EU national data protection authorities. The Information Commissioner’s Office (ICO) is now exercising its power to impose fines, and they can be huge. Notably, British Airways and the Marriott Hotel Group are facing penalties of nearly £300 million between them following significant data breaches – around £183 million for the former and some £99 million for the latter.

Given the very real risk of fines, not to mention reputation damage, it’s vital that companies are not only currently GDPR-compliant but also have robust processes and policies in place to ensure that they stay that way. In other words, vigilance has to be continuous.

The paper factor

Most people associate GDPR with digital data, and consequently, it has been the main focus for protective measures. But the Regulation equally applies to paper documents, with companies required to have appropriate systems in place for handling them.

Importantly, physical records can’t be kept longer than is necessary and their secure and timely destruction needs to be accounted for. In addition, companies that outsource disposal of their confidential office waste are obliged to have a contract with a GDPR-compliant collection and destruction service provider.

Worryingly, a large number of firms have overlooked these issues and are therefore putting themselves at risk.

Getting it right

To help you meet your responsibilities, we provide an ultra-secure collection and destruction service for both physical documents and data media, with contracts that are fully compliant with GDPR. We use a dedicated shredding plant licensed by the MOD, and provide verified disposal and destruction documentation, giving you a full audit trail.

If you are unsure if your processes meet GDPR requirements, we’re happy to provide a free consultation.