Destruction of data and you
Like it or loathe it, organisations like yours are legally responsible under the Data Protection Act for protecting the data you hold on an individual or organisation. Destroying that information in a safe and secure manner is highly important for complying with the law. New rules called the General Data Protection Regulation (GDPR) came into place in May 2018, and heavy fines can be - and have been - levied on those who fall foul of them.
The information you are responsible for safeguarding is not always financial, health related or personal. Seemingly innocuous details like names, telephone numbers and even publicly available information are covered by GDPR protections. This means that if you hold that information in computer files or in paper form, you must be able to prove you protected it and destroyed traces of it in a manner that fits with the regulations. As the media continues to report that scammers are becoming increasingly sophisticated and cases of identity fraud are on the rise, complying with Data Protection and GDPR is more important than ever. It’s what your customers, clients and the law expect.
How important is it that we comply?
Breaches of data protection carry big fines of up to £500,000. Even more damaging, they can irreparably compromise your reputation. In the first three months after GDPR laws were implemented, reported breaches increased by 173% - and that’s just the breaches that were reported. It’s not just the small-time operations that have been dealt fines by the Information Commissioner’s Office; government organisations have too.
Bayswater Medical Centre: Fined £35,000 in May 2018 for leaving highly sensitive medical information in an empty and unsecured building for 18 months.
Greater Manchester Police: Fined £150,000 after losing footage of interviews with victims of violent crimes.
Crown Prosecution Service: Fined £325,000 after losing unencrypted footage of police interviews.
What must my organisation do?
By law, your business must carry out an audit of how you treat other people’s data and destroy it after use. Computerised files are easy to delete, and information is easy to remove from removable storage devices.
Paper shredding: The size of the shred particles required to comply with GDPR regulations depends on the sensitivity classification of the information that needs destroying. This is determined by the Centre for the Protection of National Infrastructure (CPNI): https://www.cpni.gov.uk/about-cpni. For example, shredders that meet NHS paper-based information standards must micro cross-cut to at least HMG S5 DIN Level 4/5. Shredding must be done onsite prior to disposal.
Various HSM shredders are listed on the CPNI website as approved for use, including all the Securio range with a shred particle size of either 1.9x15mm, 0.78x11mm or 1x5mm: https://www.cpni.gov.uk/cse/securio-range?ref=ajax
Businesses can choose between in-house shredding and hiring professional shredding companies to do it. However, the CPNI has stated that shredding service providers are now only rated as secure up to 'Official' standards. There are two standards higher than 'Official' that the CPNI recommends for greater security. The CPNI also now advises that anyone using a shred service does so at their own risk. Further details can be found at this link: https://www.cpni.gov.uk/secure-destruction-0
Glendale Presentation Solutions can help by providing GDPR and CPNI compliant shredders to suit your organisation’s size and space: https://www.glendalepresentation.co.uk/shredders. The HSM shredders that Glendale supply include warranties of three years on electrical parts and a huge 20 years on the shredding shafts. HSM shredders are made in Germany, using only the best components. They are characterised by low energy consumption, durable design and the avoidance of materials that are harmful to the environment. These were the reasons that the document shredders in the Securio range were awarded the Blue Angel certificate in Germany. Learn more about this certificate: www.blauer-engel.de/uz174
Why is it better to shred yourself?
Control: The main benefit to you of keeping data destruction in-house is control. Ownership of your own shredding machines means you know for sure your machine complies with the CPNI’s requirements for the security specification of the information you hold on others.
Risk elimination: Storing sensitive information for longer than you need it poses risks such as accidental loss, theft, and espionage. In-house shredding gives the data holder immediacy and shortens the risk chain associated with mobile and fixed site destruction options.
Space saving: Some organisations are so big they need whole rooms and buildings to store documents. Shredding as you go saves space.
Cost saving: Monthly costs associated with outside shredding services soon add up. Typically, one year of shredding service payments will pay for an HSM shredding solution that will last years.
To find out more about the full range of HSM shredding solutions from Glendale Presentation Solutions, please contact one of the team, who will be happy to help.