As a business, you are likely handling a significant amount of confidential information on a day to day basis. Whether it’s about your accounts, your clients or your employees, this intimate data could cause untold problems for your operation and in a worst case scenario, may lead to serious legal action against you.
Therefore, it is important to ensure that you are disposing of all of your confidential waste in a responsible manner. Yet, what does it take to get rid of important documents and what actually falls under the term ‘confidential waste’? These questions and others can make the process seem slightly confusing, however, we at DCW have decided to put together a handy guide on how you can confidently dispose of your confidential waste.
Adhering to GDPR and the Data Protection Act
When it comes to confidential waste in the UK, businesses had to adhere to what was known as the Data Protection Act, which came into force in 1998. The act required companies to both handle and dispose of its sensitive information in an ethical and responsible way, further ensuring the protection of employees and colleagues against identity theft. Under section 55A of the Act, businesses could be fined up to half a million pounds sterling if found to be ignoring their responsibility to ethical waste disposal.
Although this may have seemed like an extremely punitive fine, it was there to stop the harmful effects of identity theft, financial fraud and a whole host of other crimes that can severely affect an individuals life. Therefore, you have a duty to protect both yourself and your colleagues by adhering to these regulations.
Of course, as we have entered the digital age, where information can be easily gleaned via the internet, we are finding more and more identity fraud crimes being committed online. According to CIFAS, the UK body concerned with fraud prevention, there has been noted a significant rise in fraud in the UK, especially through online means.
To counteract this, the EU’s General Data Protection regulations (GDPR) has been rolled out throughout the European Union, with the UK complying in May 2018. GDPR has helped to standardise the rules of data protection, adding more stringent regulations regarding the protection of EU citizens and superceding the previous UK Data Protection Act. With these changes is a higher focus on the ethical handling and disposing of online material in an attempt to combat fraud and can incur as much as 20 million euros in fines if found to be seriously ignoring compliance.
Unfortunately, with Brexit looming, many UK companies believe that these more stringent regulations will not be kept in force. However, the UK government has already said that it will be continuing EU data protection policies and for companies working with customers within the EU, they will still have to comply with GDPR. With this in mind, it is most definitely in your best interest to completely ensure you’re complying to GDPR and discarding all sensitive information properly.
Types of confidential waste
Identifying what constitutes confidential waste is key when creating a plan to discard it. In layman’s terms, confidential data is any documentation that contains sensitive or personal information that could identify an individual. The information could be a name, an address, financial information or a whole host of other factors that could be taken advantage of by criminals. With this in mind, it’s important to first split the waste into two categories: physical and online data. Both categories can hold sensitive information so it’s important to check through everything. This might include memos, employee applications, bank details, education details and anything else that could identify a person.
If you’re not yet disposing of this information, it is still important to handle it responsibly. According to the principles 4 and 6 of GDPR, information should only be kept within a business for as long as it is needed and whilst in their possession, it must be safely secured to protect against unlawful access or damage by a third party. Once this information has been used, it is now imperative it is disposed of ethically.
How to remain GDPR compliant
Now that we have an understanding of data protection and its importance to every operation handling sensitive information, it is useful to learn the processes that should be in place to remain compliant. To begin with, it is essential that all employees within an organisation are fully up to date on what is required of them and that your data protection policy is in line with GDPR with the risk of non-compliance being made abundantly clear.
Secondly, spend time understanding who you pass data onto and what you do with it by carrying out a data access and processing audit. This needs to be done for both physical and electronic documents and should look into a variety of areas including:
● Quote and order processing
● Mailing lists and newsletters
● Data storage
● Archiving
Finally, ensure that you have a comprehensive data destruction plan in place for you and your employees. It should be clearly marked and easy to understand to mitigate any mistakes when disposing of sensitive information. Also, your electronic and paper documents need to be separated and destroyed in the most effective and complete ways. In the period between use and disposal ensure the information is safely secured.
Working with a professional in confidential waste management and disposal
When it comes to carrying out a complete job on data destruction, it can be deceptively easy to try to erase any information yourself. A quick shredding of documents and a hammer to the hard drive might seem adequate, however, it is much simpler than you think to harvest information from discarded equipment and, if done incorrectly, it can allow skilled criminals to access sensitive data. With electronic devices, for example, formatting does little to fully erase the information on a drive, only making it slightly more difficult to access for someone without any tech knowledge. Even a physical destruction, if done incorrectly, usually isn’t enough as an intact hard drive can be transferred and rebuilt by someone with enough skill.
Therefore, it’s essential to work with a GDPR compliant data destruction company when looking to effectively dispose of confidential information. These organisations have the skills and the specialist equipment to completely erase all traces of data by using physical and non-physical means of destruction.
With physical data destruction, companies will utilise processes such as secure shredding, granulating and degaussing, a process which demagnetises a hard disk, thus scrambling and erasing its data. On the other hand, non-physical destruction focuses more on the wiping of data from electronic devices through secure erasures, binary wiping or purging. Both processes require specialist equipment and are equally essential in fully erasing any and all sensitive data you may be in ownership of.
Work with the data destruction professionals at Devon Contract Waste
Making sure you are effectively destroying sensitive information is essential both in protecting your business from catastrophic fines and ensuring the well-being of you and your employees against fraud. With this in mind, it’s important to work with specialists in the field of data destruction.
Here at DCW, we have been supplying the city of Exeter and beyond with industry-leading data destruction services. Our highly trained professionals are qualified to completely and securely destroy your sensitive data both through physical means or through secure data erasures, essentially bricking your electronic equipment.
We can either pick up your confidential waste via a DBS checked driver or we can bring our specialist equipment to you to destroy your waste onsite, giving you extra peace of mind. And, with our secure bins and lockable cabinets and skips, you can safely store important documents until you are ready for us to destroy it.
For more information on our range of services or to get a free quote, visit our website or get in touch with one of our operatives on 01392 690 193.