HAPPY BIRTHDAY
GDPR One Year On…

Has it really been 12 months since the new GDPR regulation came into force?
Doesn’t time fly when you’re having fun! Although it’s fair to say that the internet giant Google weren’t having too much fun with their recent £44 million data breach fine (which could have been considerably worse by all accounts!).

As GDPR in the news becomes ‘business as usual’, privacy and security now, more than ever needs to be become part of every business’ DNA. GDPR is more than just the IT Manager’s issue. The security of data falls across many different departments and job titles in all organizations, there is accountability and responsibility right across the board.

We’ve all noticed changes to how our own personal data is being processed, with increased pop ups on websites and social media sites requesting our consent to use cookies, also emails asking for consent to market or to update preferences. In most instances digital data is being taken seriously, but are we really considering every area of our businesses thoroughly?

A survey undertaken by Rexel around GDPR found that 49% of businesses have an updated digital data security policy but 75% have not updated their approach to physical data disposal. A whopping 65% confirmed that they had not purchased any paper shredding equipment as a result of the new legislation*. It would seem that shredding security levels are not widely understood. It is time to be fully prepared and secure at all times.

The requirement for businesses to have watertight security practices for personal data with respect to collection, storage, access and disposal of information, has meant many organisations have found themselves unprepared, nearly 40% of breaches are paper-based**. Part of the requirement is the need for procedures to be in place for what happens in the event of a breach. It’s really important we extend our policies and procedures right the way through our businesses, and we don’t overlook security policies and practices relating to the paper based data we collect - even at our desks.

If you’re concerned about the way your company is processing personal data, here are some ways you can improve your company’s compliance in six steps:


1. Appoint a Data Protection Officer.

This Officer must be fully conversant with the organisation’s responsibilities regarding GDPR and have a thorough understanding of what data within your organisation counts as ‘personal’, where it’s kept, who has access to it and who to report concerns to.  The Data Protection Officer does not have to be an employee, you can outsource this function.

2. Assess your systems.
Review all contracts, technology support, procedures and tools that relate to the processing, handling, storing and deleting of data to enable you to identify any weaknesses or gaps that require changes to be made

3. Develop a strategy.

Construct a new strategy that will ensure full compliance with the GDPR. This strategy may encompass new investment in technology, revised staff procedures and responsibility for data processing, create new roles within the organistaion

4. Implement a new organisation policy.

The next step towards compliance is to put your plan into action throughout all levels of the organisation. Invest and introduce new technologies and systems into the workplace. Publish an informative data handling and processing guide.

5. Employee engagement.

Launch your new data compliance policy to all staff, provide training and information guides to employees so they are educated and aware of their responsibilities and the changes taking place to ensure the company is meeting requirements of the GDPR

6. Review and improve.

After launching your GDPR compliance plan, it should be continually reviewed and improved, making any necessary improvements to successfully and efficiently ensure your organisation continues to be compliant

Consider investing in a GDPR Compliant Shredder to help with your physical DATA DESTRUCTION. Take a look at our GDPR Compliant Shredders here

* ACCO Brands EMEA research conducted in September 2018 by an independent 3rd party using quantitative primary research via an online self-completion questionnaire.
Panel: 600 decision makers for office equipment identified in UK, Germany & France.

** ico.org.uk/action-weve-taken/data-security-incident-trends