More can be done

In-depth research within numerous workplaces suggests that employees and businesses believe more can be done to ensure compliance with GDPR. For example, a survey of UK GDPR decision-makers released in September 2019, conducted on behalf of Egress, revealed that 52% of businesses are still not fully compliant with the regulation, more than a year after it came into force. The survey also found that 37% of respondents had reported an incident to the ICO in the past 12 months.
Fines can be huge

It is worth remembering that the maximum fine for a data breach, whether it is a physical (paper-based) or a digital breach, is up to €20 million or 4% of a company's global turnover for the preceding financial year, whichever is greater. The financial risk is potentially huge, but the damage to a company's reputation is also significant, so non-compliance could be disastrous. Most companies that invested extensive time and resources into ensuring compliance when the legislation came into force still need to continually re-evaluate any potential areas of weakness regarding GDPR, both because the legislation changes over time and because other business and operational priorities come into the picture. So, here are my top tips to help your business become GDPR-compliant.
1. Shred!

Any non-essential printed documents that contain sensitive data and are no longer needed should be stored securely or shredded immediately, either with a personal/office shredder or through a specialist third-party service provider.

- Personal/office shredders come in a range of grades from P1 to P5:
  – P1 is a strip cut, offering very basic security.
  – P5 is a cross-cut shredder where a single sheet of A4 is cut into thousands of pieces, providing the most secure way of destroying paper documents in an office.
- Specialist third-party confidential waste disposal services, such as Lyreco Shredding Service, can provide lockable bins to ensure your confidential documents are stored and transported safely and disposed of on your behalf.
2. Encrypted portable devices

Use encrypted USB hard disk drives (HDDs) and USB pen drives to transport confidential documents and digital data. These devices encrypt their contents and are unlocked by either a fingerprint or a keypad PIN, so if a device is misplaced, stolen, or left with a client, you can ensure your business remains your business.
3. Physical data

Of 598 data security incidents recorded by the ICO between July and September 2016, 40% were attributed to paper. By using a document scanner to digitise confidential paper files and then disposing of the originals in a GDPR-compliant way, it is possible to reduce the amount of sensitive paperwork in an office and simplify data management.
4. Dispose of, recycle or resell old technology securely

Ensure any old laptops, tablets, phones or PCs are clear of all data (securely wiped, not merely deleted) before you dispose of, recycle or resell them. It is important to understand how both physical and digital data pose a risk if they are not managed and destroyed securely. Everything that has sensitive information printed on it, or stored within it, must be disposed of or stored in a GDPR-compliant way, including within the supply chain. While many companies will have built GDPR compliance into the fundamentals of their operations, it is always worth refreshing on what it means and how the business is operating, as the risks of falling foul are too great to ignore.