Businesses are likely to handle a significant amount of confidential information on a day-to-day basis. Whether it’s about accounts, clients or employees, this data could cause a variety of problems for a business’s operation and, in a worst-case scenario, lead to serious legal action or a hefty fine.
Go Shred shares five tips to correctly manage confidential information:
1. Understand your legal obligations
Since May 2018, businesses in the UK must comply with the General Data Protection Regulation (GDPR). This regulation has been implemented in all local privacy laws across the entire EU and EEA region. It applies to all companies selling to and storing personal information about citizens in Europe.
GDPR means that EU and EEA citizens have greater control over their personal data and can be assured that their information is being securely protected. According to the GDPR directive, ‘personal data’ means any information related to a person such as a name, a photo, an email address, bank details, updates on social networking websites, location details, medical information, or a computer IP address.
GDPR applies to all businesses and organisations established in the EU, regardless of whether the data processing takes place in the EU or not. If your company offers goods and/or services to citizens in the EU, it is subject to GDPR.
Under the legislation, companies that work with personal data should appoint a data protection officer or data controller in charge of GDPR compliance. Any businesses which fail to comply face severe penalties of up to 4% of their annual global revenue or 20 million Euros, whichever is greater.
2. Recognise what confidential waste is in your business
Confidential waste refers to any document or device that contains personal data about customers, suppliers and employees. It also includes data that could put your business at risk if read by a competitor or the general public. This might include financial data, business plans, intellectual property, business processes, patents, designs, manuscripts, branding and marketing strategies.
To correctly manage and dispose of this information, businesses need to be aware of all the different types of confidential documents staff could be handling on a day-to-day basis and which may leave them open to GDPR or security breaches. These could include everything from meeting notes/agendas, internal manuals, contracts and commercial documents, CVs, expense forms, payroll information, supplier information, ID or access cards to any documents containing personal information such as names, addresses, phone numbers or email addresses. It’s essential to recognise the risks that leaving these types of documents around could bring to your business.
Creating formal training and guidance for staff around these types of documents is a great way to ensure everyone is aware of their roles and responsibilities when handling confidential information.
3. Preventing security breaches
Correctly handling confidential information can help to avoid security breaches which could get businesses in hot water. Document shredding and secure confidential waste disposal are effective ways of disposing of confidential information to avoid future security breaches.
Businesses are often made aware of cybersecurity risks, but they are also at risk of a breach from incorrectly disposing of confidential paperwork. It’s important to have procedures in place to correctly dispose of this information in order to avoid a breach as well as a potential fine.
4. Forming a confidential waste disposal policy and procedure
There are four simple steps businesses can take to manage confidential business waste:
- Create a list of all the documents and files you need to shred or destroy
- Choose the type of document shredding or destruction service you want to use and set up with a reputable company
- Write a confidential waste disposal policy and communicate it to your staff
- Set up a safe and secure storage area; sealable bags, lockable confidential waste cabinets or lockable wheelie bins are good options
Implementing processes and policies can give staff the confidence to deal with confidential documents that are no longer needed and dispose of these correctly. A confidential waste disposal policy should outline how long your business must keep a document for, where it should be stored for shredding (for example, in bins or bags) and when and how it will be shredded.
A confidential waste disposal policy should form part of a business’s records management policy. This should cover how and when documents are transferred to off-site storage or are destroyed. If employees are clear about handling confidential waste, then security breaches are much less likely to happen.
If staff have moved to work from home during the COVID-19 pandemic, this should be updated in a business’s policies and procedures. Working from home presents new risks to potential data breaches and staff should be advised on how to dispose of any confidential paperwork they may have printed or taken home with them.
5. Storing confidential waste
Once a business has set up a waste disposal policy and outlined the procedures to staff, they’ll need to set up a secure method of storing confidential waste and documents in between collections. The majority of shredding companies will be able to provide suitable storage for the business’s size and nature, but it’s worth checking this with them beforehand.
When it comes to setting up these containers to store confidential waste, set them in a designated area of the office and make sure staff are aware of where they are. If a business has opted for a lockable system, they’ll need a process in place for accessing it.
Experts from Go Shred recommend nominating a person or a select number of employees to be key holders. It’s also important to monitor how full the bins, bags or cabinets are each month and assess whether the business has a suitable amount of storage space for the volume of confidential waste being produced.
If staff are now working offsite due to ongoing government restrictions, it’s essential to provide advice on how to safely store confidential information at home and even provide secure units or mini shredding bins in order to meet GDPR requirements.
Mike Cluskey, Managing Director at Go Shred said: “Safely managing confidential information is essential for all businesses. A security breach could be a big hit to any business and result in a hefty fine. Taking the necessary precautions to understand the types of confidential waste created within your business and creating a policy to manage this is a simple step that could benefit you later down the line.
“2021 is the perfect time for businesses to take a look at their current procedures and how these can be improved. And whilst employees are potentially working from home, speak to your providers about off-site shredding so you can properly keep up with your confidential waste management.”