GDPR data protection covers the entirety of your business’ possession and use of personal data provided to you by people outside your company. A company’s relationship to its customers’ and potential customers’ data can be divided into three stages: the beginning, the middle and the end. Each stage has its own obligations and duties to ensure the security of people’s personal information.
Your GDPR data protection responsibilities start when you ask for the data online, over the telephone, in writing or in person. How you ask is important. People are entitled to know you are collecting data, who is responsible for your data security, and how you will use their information. You are obliged to collect only the data your company genuinely needs. Aside from your legal responsibilities, it fosters trust with your customers and potential customers when you explain what you are doing with their data, as well as how and why you are doing it.
The middle refers to your obligations to store and use their data securely. Even if you outsource any type of processing using that data, you still have responsibilities: as a data controller, you are also responsible for storing that data safely. This includes electronic and paper formats. Paper is simpler to keep safe: doors and file cabinets that lock, and staff taking their duties seriously, should do that job. Electronic security is far more complicated, and involves your company’s cybersecurity and backup systems.
The end of your company’s relationship with an individual’s details is where data shredding services come into the story. Much like you have an obligation to keep the data safe, you also have an obligation to securely destroy that data at a certain point. When that point is depends on your industry. Some fields, such as legal and medical services, have their own standards in that regard. It is critical that every company know how long they are obliged to retain records based on the regulations relevant to their field.
Paper files can be shredded in the office by your own staff, although that does take them away from their primary job duties and tends to create mess and noise in the office. Another option is to hire onsite data shredding services. A mobile shredding unit can be sent to your premises either on a once-off, as needed basis or on a regular schedule.
Hiring professional Cyclone for data shredding services has a number of benefits. You can deal with one familiar company to destroy paper files and hard drives. We provide a Certificate of Destruction to confirm you’ve met your GDPR data protection obligations. All shredding is done in our mobile shredding unit, keeping noise, mess and disruption away from your busy staff.
Visit our once-off onsite shredding and scheduled services pages for more information. For electronic data, we also offer hard drive shredding.
If you are considering disposing of sensitive information soon, contact us. We can advise on what the best option for you might be. Our team is readily available via email, or phone – or you can fill out our quick contact form and Cyclone will give you a callback.