On-site v off-site shredding.
Which should I use?

Although storing confidential paperwork safely is vital, deciding exactly how to dispose of it is just as important.

Under GDPR, companies need to destroy data when it’s no longer legally or practically needed.

They also need to prepare to shred documents for other reasons. These include the rights of people to ask for their personal data to be deleted if an organisation no longer needs it, if it was used unlawfully or if it was provided when they were a child.

To ensure your organisation is compliant with the GDPR, it's essential to have the right paperwork destruction processes in place.

For disposing of sensitive documents, there are three main options. These are:

• Asking a mobile paper destruction provider to shred your documents in their vehicle on your premises

• Letting a third-party provider take documents away for off-site shredding

• Using your own shredders in your workplace, for on-site shredding.

While it may seem less time consuming and easier to let a third party take over, there are reasons why this isn't always the best option.

Lower mobile security

Although mobile shredding brings the benefits of the provider taking on the work, often destroying paperwork quickly and taking away the shreds for pulping, it’s no longer regarded as the most secure method by the government authority responsible for protective security advice to the UK national infrastructure.

As of November 2018, mobile paper destruction providers, other than Defence Science and Technology Laboratory ones, have only been accredited by the Centre for the Protection of National Infrastructure (CPNI) to destroy classified material to the lowest official standard. The CPNI has said that mobile destruction techniques do not comply with its secure destruction standard on how thoroughly highly confidential paperwork should be shredded. Most organisations are likely to hold data that they consider to be sensitive or confidential, and this may need higher security handling than the CPNI’s lowest official standard.

If you already use a mobile service, it could be sensible to review whether this continues to be best for your organisation’s needs.

Risk of interception

Once documents are removed for off-premises destruction there are risks. The CPNI lists these as accidental loss, emergency abandonment, espionage, hijack or vehicle theft, insider attack or theft.

Any of these events could lead to a data breach, which may then need to be reported to the Information Commissioners Office. If personal data is lost or disclosed, this could lead to identity theft or fraud, financial loss and damage to the company’s reputation.

However, if shredding is done in-house, it is equally important that this is done regularly and in a timely fashion, and sensitive paperwork is not left where it could be accessed by unauthorised individuals in the workplace.

Time involved

If the time involved in shredding is the main concern, options such as the AutoMax shredder, with auto feed functionality, offer a time saving, secure, ‘on-site’ alternative to off-site shredding.

Users just need to add their documents to the shredder, press a button and walk away. This keeps all documents in house and does not require the involvement of any external organisations or individuals.

Tailoring to need

Whatever the shredding process you use, matching the security level to your needs is essential.

When you shred in-house you can match the security level of shredder or DIN level to the differing security needs of different departments. A DIN 4 level shredder would offer good security in general office areas, a DIN 5 one is suitable for legal, finance and HR, and DIN 6 and 7 shredders are for military or governmental use. Where the volume of paperwork is extremely high, an organisation may find a mobile provider a quicker and easier solution but will need to be careful about handing over confidential documents to these third parties.

There are also in-house solutions for high volumes of paper. An auto-feed shredder that can shred several hundred sheets in a few minutes can be a good, highly productive alternative to a third-party provider, because it does not require the user to stay next to the shredder while it’s in use.