The European General Data Protection Regulation (GDPR) became law across Europe on 25 May 2018. These new rules apply across the board from public authorities to small and medium-sized businesses.
The GDPR applies to the handling of personal data. Personal data is all data relating to a living individual who can be identified from that data. Think about names, addresses, e-mail addresses, social security numbers, bank account numbers, etc.
Non-compliance could result in fines of as much as 4% of your global turnover or €20 million, whichever is higher – as well as a damaged reputation for your business. Your organisation cannot afford to take risks with the personal data it holds.
Businesses have to implement technical and organisational measures to make sure data is processed securely. This applies to all personal data, whether held electronically or as paper documents.
In addition to securing your electronic data, you should also include paper documents in your data protection policy.
Documents containing data which you no longer need to hold need to be destroyed in a secure manner by shredding.
Documents which you still need to hold must be stored in a way that allows them to be easily traced and located if required.
Sensitive documents need to be stored in locked cabinets and access restricted to a certain number of people within the business.
Don’t forget temporary and home workers - include them in your policy and how they should protect documents and data in their possession.
Without a robust data protection policy, your company could be leaving itself open to fraud and identity theft, which could be catastrophic to your business’s finances and reputation. Discover how secure your data is by taking our Data Privacy Health Check – your customised guide to assuring best data protection for your business, employees and customers.
Please take your Data Privacy Health Check here and get a free personal report with tips to improve your security.
And it’s not just individual remote workers who can find sensitive data slipping through their fingers.
Over recent years, data breaches at known high-profile businesses have proven that nobody is immune from sheer carelessness or everyday risks. The spotlight on data protection is brighter than ever with GDPR.
It applies to all hard copy and digital data.
The consequences of a data breach are severe, and non-compliance could result in fines of as much as 4% of a business’s global turnover or €20 million, whichever is higher – as well as a damaged reputation.
In 2016, global taxi firm Uber fell prey to a hack that exposed the personal information of around 57 million customers worldwide. This security breach compromised customers’ names, email addresses and mobile phone numbers. Instead of disclosing the incident when it was discovered, senior executives decided to pay a ransom of $100,000 to have the stolen data deleted. The customers’ information was not knowingly used for any fraudulent purpose. (Source: http://fortune.com/)
In late 2017, world-leading accountancy firm Deloitte discovered itself to be the victim of a long-running cyber-attack. Hackers used an administrator’s email account to access restricted information on blue-chip clients including usernames, passwords, personal details and confidential emails. (Source: https://www.ft.com/)
More recently, in 2018, we heard how up to 87 million Facebook users were affected when Cambridge Analytica (CA) obtained voter data through a Facebook-linked app named 'thisisyourdigitallife'. The app offered a detailed personality test that users were paid to take, as part of academic research. However, the app also pulled personal data from all users' linked Facebook friends without their consent. (Source: https://www.techradar.com/)
The risks and consequences of data breaches are very real and all businesses have a legal obligation to implement the guidance set out in the GDPR. Fellowes offers a range of products that can help organisations.