The General Data Protection Regulation (GDPR) was incorporated into UK law in 2018 as the Data Protection Act (2018). It sets out a range of rules designed to safeguard personal data, enforced by the Information Commissioner's Office. The data in question, such as a person's address, name and bank details, could be used by criminals to commit identity fraud. With large fines awaiting businesses that fall foul of these rules, many have expressed concerns about compliance. Here are four key things to be aware of:
Firstly, you should make a list of the documents your business uses. Not all of these require secure storage. However, if your list includes any of the following paperwork, it is subject to the new legislation:
- Customer information like telephone numbers, payment details and addresses
- Employee files featuring personal data
- Any files that can identify people personally
- All types of medical files
Businesses that handle sensitive documents of this kind should review their storage methods urgently. Several well-known brands have been caught out already by failing to do this.
GDPR allows people to inquire where, how and for what reason their personal data is being used. The ‘right to be forgotten’ is a key rule under the legislation. Basically, this means that you are obliged to destroy the data you have about someone, if they ask you to do so. A professional document storage firm can access this data quickly, in both electronic and physical form, if someone makes such a request. This is a vital element of compliance because all data requests must be actioned within a month.
Under GDPR, certain documents have to be destroyed safely after a specified duration, for instance once a tax period is over. It is wise to have these documents collected and shredded by a secure document storage firm. This way, you will not need to depend on your staff to carry out this important task.
Generally speaking, a secure facility is the best place to store documents containing sensitive, personal data. However, any documents stored on your business premises should be kept in locked cupboards. Instruct your staff not to copy or print any documents unnecessarily. Also, keep accurate records of where the files are situated and the number of copies that exist. This will prevent the documents from being mislaid through carelessness, or taken by burglars. Always inform the Data Protection Authorities (DPAs) about any breaches of data.
Businesses that fail to observe GDPR can be fined heavily and suffer severe reputational damage. For these reasons, outsourcing document storage to a firm like CAS Ltd, which is totally compliant with the legislation, can lessen the impact of GDPR on your operations. This will take the pressure off you and your staff, and free up your time to perform core business activities. Contact CAS today to learn more.