Popular Search Terms:
  • Fellowes Shredder
  • Volo Wall System
  • Bulldog Shredder
  • LX Series

Protect your business and be GDPR Compliant

Best Practices for Document Retention and Secure Shredding

The European General Data Protection Regulation (GDPR), enacted on May 25, 2018, has brought about significant changes in how businesses manage personal data, extending its jurisdiction from public authorities to small and medium-sized enterprises. The GDPR sets forth stringent rules for the processing of personal data, covering information such as names, addresses, email addresses, social security numbers, and more. Non-compliance may result in fines of up to 4% of global turnover or €20 million, emphasising the critical need for businesses to prioritise data protection.

1. GDPR and Document Retention: Best Practices for Paper Records

To align with GDPR, businesses must extend their data protection policies to encompass paper documents. Whether stored electronically or as hard copies, organisations need to implement technical and organisational measures to ensure secure data processing. Key considerations for paper documents under GDPR include:

  • Secure Destruction: Documents containing data no longer needed must be securely destroyed through methods such as shredding.
  • Organised Storage: Documents that need retention should be stored in a manner allowing easy traceability and accessibility when required.
  • Access Control: Sensitive documents require storage in locked cabinets, with restricted access limited to authorised personnel.
  • Inclusion of Remote Workers: Policies should encompass temporary and remote workers, outlining procedures for protecting documents and data in their possession.

The Rules

  1. Article 6: Lawfulness of Processing
    This article governs how data is processed and who sees it and for what purpose.
  2. Article 5(1): Data Protection Principles
    Some of the data principles in this article ensures that data is kept no longer than is necessary and that it is destroyed properly and securely.
  3. Articles 5(1) e and 89: Archival Materials
    Personal Data may be stored longer solely for archiving purposes in the public interest, scientific of historical research or statistics, provided appropriate protections are in place.

Six principles of data protection

Every data protection strategy should include the principles that data shall be:

  1. Processed lawfully, fairly and in a transparent way.
  2. Collected for specific, explicit, and legitimate purposes, and not subsequently processed in a way that goes against those purposes.
  3. Adequate, relevant, and limited to what is necessary .
  4. Accurate and up to date. Inaccuracies should be processed, erased, and rectified.
  5. Kept for no longer than is necessary.
  6. Processed securely.

The Tools

  1. PrivaScreen Blackout Privacy Filters help maintain those high standards of data processing by limiting visibility of data to the individual its intended for. If you’re in a busy or public environment, a privacy screen darkens the view from the side to prevent prying eyes from reading your screen.
  2. Fellowes Series Shredders are an essential part of any data protection plan, providing secure and proper destruction of documents when they are no longer needed. Suitable for the home and commercial offices, you can adhere to GDPR regulations wherever you work.
  3. Bankers Box Records Storage Solutions keep long term archival records safe and secure, with clear labelling that ensures a well organised records management system. Store your Bankers Box in a secure cabinet or room to ensure compliance with GDPR.


2. Secure Shredding and GDPR: What You Need to Know

It's not secure until it's shredded!

Every organisation has a legal responsibility to safeguard sensitive information and dispose of confidential material securely. The organisation is also responsible for any confidential material that's taken outside its premises by any of its employees. This includes both hard copy documents and anything that can be viewed on a computer, laptop or mobile device.

Despite increased awareness of identity fraud over the last few years, the crime is still growing at an alarming rate in the UK. And, because we deal with so many pieces of information on a daily basis, we’re all at risk – individuals and organisations alike.

A discarded bank statement, or a snippet of payroll information or a crumpled customer proposal could be all a criminal needs to cause irreparable damage to you and your business.

Being careless is costly

  • 51% believe that hybrid working may have increased the amount of sensitive information being lost or in breach of GDPR rules

  • 46% have seen people leave confidential work-related documents unattended

  • One in four say they do not follow their organisations GDPR policy, do not know of one, or cannot remember the details.

  • 70% of all respondents have either taken printed work documents home, printed documents at home, or both.

  • Of these, 47% say they do not shred these after finishing with them, instead:

  • 15% tear them a few times and throw them in the bin

  • 13% throw them in the recycling bin as they are

  • 13% tear them a few times and throw them in the recycling bin

  • 6% throw them in the bin as they are

Shredding is the best way to securely destroy confidential documents for the protection of sensitive business information and personal identities.

Guidance for better shredding practices:

Secure shredding is key to keeping confidential paperwork out of the wrong hands and reducing organisational exposure to data breaches. Using a shredder to safely destroy confidential paperwork should be part of our daily routine, wherever we work.

  1. Don’t assume everyone understands GDPR. Educate all employees on GDPR requirements, personal data handling and the six principles of data protection. This training should be given to all new starters, whenever legislation is updated, and as part of regular data security refresher sessions.

  2. Lock confidential documents away when these are not in use, and never leave them lying around unattended at home or in the office.

  3. Shred all sensitive paperwork before recycling or disposing of it, ideally without needing to take the risk of transporting it from home to office, or vice versa.

  4. Give all employees easy access to a secure shredder at home and at work.
  5. Discover the world’s toughest shredders for commercial and personal use today.