Site Logo

Avoiding GDPR fatigue with HSM

Over the last 18 months, it's clear that GDPR has contributed to the complete overhaul of the way we handle our data. So many have made strides forward and for the right reasons. Yet for some, GDPR is felt like a weight on the shoulders of their organisation – but does it need to be? HSM UK's Mark Harper explores.

Generally, individuals are now beginning to understand the regulation, with some questioning why data hasn't always been handled this meticulously. For data handlers themselves, although this isn't the case for everyone, steps have been taken in the right direction with many improving the way they handle confidential data and sensitive information.

Yet, there's still a looming pressure to get GDPR right. For a year and a half now, fines and dented reputations have been hanging over the head of so many data handlers. Even those who have worked hard to improve their processes and meet the new standards haven't always been able to keep up.

So this drives the question, are we in danger of GDPR fatigue? 

In July 2019, a study found that a third of EU businesses were still not compliant with the rules that were put in place a year prior. What's more, a report conducted in September found that over half of UK businesses are still not fully compliant

For those that are feeling the pressure, or even worse, falling short with data protection, it's important to take a step back and get the basics right.

For organisations, it's key to remember that not all individuals will become a GDPR compliance specialist. With that in mind, it's imperative that a business has the correct internal processes in place to support staff, and as experts have continually emphasised, raise education on the subject to at an appropriate level. 

If you take the shredding process as an example, teams within an organisation should understand the security level that they're required to cut at. For example, Finance and HR departments should consider destroying their highly sensitive documents by cross-cut shredding to a level of P-5 or above, whereas it is more appropriate to destroy documents within a general office environment at the lower P-4 security level. It's this level of education and understanding that could be the difference between compliance and a GDPR breach.

Routine is also crucial. For those dealing with paper documents containing highly confidential or sensitive information, shredding procedures should be encouraged as part of a routine. Whilst it's a step in the right direction to own an internal shredder system, it's not enough if they're not being used correctly. Staff should be encouraged to deal with confidential documents and shred them at the point of use as soon as they are no longer needed. Whole documents left waiting to be disposed of are at risk, and only once shredded appropriately is information totally secure.

With this in mind, teams may benefit from employing what is known as a clean desk policy – helping to ensure that sensitive information is out of sight of visitors and third parties that are visiting an organisation's office space for example. 

To implement an effective data security process, continual investment (both time and financial) is key. As we know, data protection has changed, and organisations must now support their staff to assure compliance.

The pressure is invited upon organisations that have, and still continue to, approach GDPR in the wrong way - it has never been enough to view it as an afterthought. Only when data security is taken seriously will organisations be able to alleviate the pressure associated with GDPR.

Company Details

HSM PAPER SHREDDERS LTD

14 Attwood Road
Zone 1
Burntwood Business Park
Burntwood
WS7 3GJ
UNITED KINGDOM

01543 272480

www.hsm.eu

More News
1 month ago
How to build trust in the workplace
Business specialists at TelephoneSystems.Cloud have named five ways to build a trusting relationship among employees and senior staff members.
1 month ago
Telehouse powers up Transatel’s connected car services with partnership
Telehouse has partnered with global cellular connectivity solutions provider, Transatel (a subsidiary of NTT DATA) to strengthen the digital infrastructure for Transatel’s expanding connected car business.
1 month ago
New checklist to help small businesses avoid cyber-attacks
Compliance experts, Skillcast is warning small businesses of significant fines and risks that would be devastating if they don’t protect themselves from cyber-attacks.
1 month ago
Sophos expands with new Partner Care offering
Sophos, experts in innovating and delivering cybersecurity as a service, is expanding its commitment to the channel with the addition of Partner Care, a new offering in its partner program that features a team of Sophos experts who handle non-sales related questions and operational support.
1 month ago
SailPoint launches MSP programme for Identity Security Cloud
SailPoint Technologies, experts in unified identity security for enterprises, has launched a Managed Service Provider (MSP) offering that gives select partners the ability to deliver and manage SailPoint Identity Security Cloud for customers around the world.
1 month ago
Guardpack invest in market expansion with new appointment
Wet wipe and sachet manufacturer, Guardpack, has appointed James Tucker as General Manager. James will be responsible for leading market expansion and new R&D initiatives.
1 month ago
TD SYNNEX extends OpenMPS support to Epson Workforce A3 series
TD SYNNEX has integrated the Epson Workforce Enterprise series of A3 copiers and printers into its OpenMPS-managed print service.
1 month ago
Over 2/3 IT security decision-makers to increase cybersecurity budgets
Infosecurity Europe has announced findings from research into the cybersecurity budgets of organisations, with 69 per cent of surveyed IT decision-makers citing that they have seen, or will see, their cybersecurity budgets increase between 10-100 per cent in 2024.
1 month ago
Evolve IP welcomes new reseller partner
Unified communications service provider, Evolve IP, has added a new name to its reseller recruitment drive.
1 month ago
Vectra AI and Gigamon announce new OEM partnership
Vectra AI, experts in hybrid attack detection, investigation, and response, and Gigamon, a deep observability company, have announced a new OEM partnership to deliver intelligent extended detection and response (XDR) across hybrid cloud environments.

Login / Sign up

xxx