Four Ways Your Confidential Paper Waste is Putting Your Business at Risk
How your waste is putting your organisation at risk
Ensuring the confidentiality of personally-identifiable information is a challenge for every organisation. Effective management of commercially-sensitive or personal data is often difficult to achieve, both in terms of secure processing and retention, and confidential disposal.
The enactment of GDPR has only served to increase organisational risk, with the need for secure document destruction procedures, certified IT asset disposal and a complete chain of custody now more important than ever. Co-ordinated, organisation-wide policies are required to ensure that any asset which contains personal data – whether that’s a document, a hard drive or media tape – is destroyed securely and confidentially, and all staff are made aware of your responsibilities as a data processor.
Box-it Ireland has significant experience in supporting single and multi-site organisations in the implementation of robust, efficient destruction procedures, and can help you to identify and mitigate your risk of data breach or loss, through the confidential shredding of paper-based documents like HR records, and secure IT asset disposal and data destruction.
Your key areas of risk
- HR records
- HR and recruitment files, occupational health records, pension, payroll and other employee-specific records represent most organisations’ key area of risk in terms of potential data breach. It is these documents that so often contain the type of personal information that the GDPR was enacted to protect. All organisations have a legal responsibility to ensure that these records are retained securely for the required time period, and then securely destroyed.
- Commercially-confidential records
- It is best practice to ensure that commercially-confidential records, such as budgets, projections, cash flow forecasts and other organisational statements are securely destroyed. While these records may not hold personally-identifiable information, the reputational and commercial damage that could ensue as a result of data breach means that secure and confidential disposal is imperative. Putting copies in an easily accessible, non-lockable office bin is not advised!
- IT assets
- Personally-identifiable information is not just found in paper form. PC or laptop hard drives, external storage drives, back up and media tapes all require secure IT asset disposal to ensure that data loss or breach cannot occur.
The consequences of data breach
- Large Fines:
- Most employee records contain personally-identifiable information, and so fall squarely within GDPR’s remit. Data breach or loss may be penalised by heavy fines, with the maximum penalty under GDPR being 4% of annual global turnover or €20m, whichever is higher.
- Reputational Damage and Bad Press:
- Data breach can have quite severe consequences, particularly when personally-identifiable information finds its way into the public domain. The resulting bad press could affect your reputation for years to come.
- Potential Litigation:
- Heavy fines and bad press are often accompanied by the opportunity for litigation, particularly when deficiencies are identified in organisational procedure. Because of this, the importance of working with an established, reputable confidential destruction partner is absolutely paramount to the success of your records management and GDPR compliance policies.
How to protect your organisation from data breach
- We’ll securely destroy your expired records, and free up your office space
We provide a secure, confidential and fully-certified collection and shredding service for both stored archives and your office paper waste, freeing up valuable space currently occupied by documents that no longer need to be retained.
All paper records are collected by vetted Box-it personnel, before being transported to the confidential shredding facility. A complete chain of custody is maintained throughout, and a Certificate of Destruction is provided once the documents have been securely destroyed. This Certificate not only acts as confirmation that the records have been shredded, but also assists with your GDPR compliance and internal records management policies and procedures. If you would prefer that your documents are shredded before leaving your premises, we can also offer an onsite shredding service.
- We’ll securely destroy IT assets that are no longer required
Our hard drive destruction service utilises equipment that applies 8,800 lbs of force to each item, rendering the drive completely useless and making any data totally irretrievable – minimising your risk of data breach from expired IT assets. Media is also securely destroyed using best practice IT asset disposal procedures and completed by staff specially trained in this field. What’s more, our data destruction service is fully certified to enable you to demonstrate regulatory compliance.
- We’ll help you to identify how long you need to keep your records
Record retention can be a minefield, with lack of clarity leading to documents being held for longer than is required, contravening GDPR and exposing your organisation to risk. Our highly-trained team of records management experts will help you develop and implement an organisational retention schedule to ensure that records are not retained for longer than is required – help you to improve your GDPR compliance, but also freeing up valuable office/storage space.
- We’ll improve your compliance
Our certified, robust destruction process comprising the secure transportation and fully-auditable confidential shredding of records and IT asset disposal provides an excellent basis for achieving GDPR compliance.
- We’ll support you in your CSR and green initiatives
All of the files collected for secure destruction are shredded, and the resulting shredded material is recycled – supporting your organisation’s CSR or green policies.
Is your waste putting your organisation at risk?
Contact us today to discuss how our confidential shredding and IT asset disposal services can support your organisation.