Franchising · 30 December 2019

The importance of ensuring GDPR compliance

Avoiding the risks of non-compliance with the General Data Protection Regulation (GDPR) is crucial for businesses, not only from a financial perspective but also to protect their reputations. However, while GDPR has been in place for well over a year, it is imperative that employees and companies do not become complacent as time passes.

When GDPR was first introduced, quite rightly, there was a huge amount of media coverage and attention paid to this powerful legislation. However, just over a year on, it is no longer featuring across the news pages in the same way, and this can mean that it no longer gets the same attention within a company either.

More can be done

In-depth research within numerous workplaces suggests that employees and businesses believe more can be done to ensure compliance with GDPR.

For example, a survey released in September 2019 of UK GDPR decision-makers conducted on behalf of Egress, revealed that 52% of businesses are not fully compliant with the regulation, even now, more than a year after its implementation.

The survey also found that 37% of respondents had reported an incident to the ICO in the past 12 months.

Fines can be huge

It is worth remembering that the maximum fine for a data breach, regardless of whether it is a physical (paper-based) or a digital breach, is up to €20 million or 4% of a company's global turnover for the preceding financial year, whichever is greater.

Notably, not only is the financial risk potentially huge, but the impact on a company's reputation is also significant; non-compliance could therefore be disastrous.

Most companies that invested extensive time and resources into ensuring compliance when the legislation came into force still need to continually re-evaluate any potential areas of weakness regarding GDPR.

This is due to changes within the legislation as time goes on and as other business and operational priorities come into the picture.

So, here are my top tips to help your business become GDPR-compliant.

1. Shred!

Any non-essential printed documents that are no longer needed and contain sensitive data should be stored securely or shredded immediately, either with a personal/office shredder or by a specialist third-party service provider.

– Personal/office shredders come in a range of grades from P1 to P5:

  – P1 is a strip cut, offering very basic security.

  – P5 is a cross-cut shredder where a single sheet of A4 is cut into thousands of pieces, providing the most secure way of destroying paper documents in an office.

– Specialist third-party confidential waste disposal services, such as Lyreco Shredding Service, can provide lockable bins to ensure your confidential documents are stored and transported safely and disposed of on your behalf.

2. Encrypted portable devices

ABOUT THE EXPERT

Andrew has over 11 years' commercial experience working with industry-leading brands to generate best-in-class customer experience through effective procurement. He is currently responsible for the IT, Technical & Extended Range Category at Lyreco, possessing a comprehensive set of skills to drive innovation and change in an established business environment.