Free Shipping ON ORDERS OVER $99
Whether it’s paperwork, CDs or credit cards, shredders are a lifesaver for every workplace that needs to safely destroy confidential information.
While many of us find it satisfying feeding papers through a shredding machine, it’s just as important to know what not to shred as it is knowing what to shred.
Most organisations don’t want to waste manpower and shredder time disposing of paperwork that doesn’t need shredding. They need to know which documents are classed as sensitive or confidential, and when to shred these.
Personal data could be any information that identifies an individual, whether they are a customer, client, employee or associate. Anything that can identify someone fits in this category, including photos, names, addresses, phone numbers, transactions or social media activity.
Under the GDPR, businesses are legally required to destroy personal data once it's no longer needed for the purpose it was acquired, or if a person asks for their personal data to be removed.
Shredding personal data is also important in the fight against crime. Fraudsters can use people’s personal details to open bank accounts, take out credit cards, loans or benefits, order goods under a stolen identity or get a passport or driving licence.
The more that these criminals know about an individual, the more convincing their scams can be.
Every country has its own legal requirements on how long contracts, business agreements and similar documents must be stored. In the UK this is usually a period of six years beyond the length of the contract, and in France there’s a ten-year retention period for accounting documents, and a 30-year period for other types of paperwork, including documents relating to acquisitions or disposals of real estate.
Although destruction timings should always be checked carefully, documents like these should be safely shredded at the right time.
If you have documents that do not directly relate to company information or accounts, which don't need to be kept, check when these can be destroyed. These could include receipts, deposit slips and bank statements. It may be the case that once these documents have been used to reconcile accounts or expense claims, they can be shredded.
The GDPR requires human resources (HR) departments to demonstrate why they are keeping data on employees, past and present. If applicable, it expects them to justify why they’re keeping any data beyond the required retention period.
HR data should be regularly checked, and employee consent sought if any needs to be kept longer than usual. Once data has reached its legal expiry date, it must be shredded.
It can help if every workplace has a paper destruction policy that’s explained to every team member handling sensitive data. Posters around a workplace can help back this up and remind people how, when and why different types of documents need to be destroyed.
It’s also a good idea to make sure that remote or home-based employees have the use of a shredder and are made aware of the need to store confidential data safely. They need to dispose of this paperwork securely as soon as it is no longer needed, or if they are required under GDPR to dispose of it.