It seems as though the UK has been waiting for the General Data Protection Regulation deadline for a while. Now, May 25th has arrived. Are you taking a huge sigh of relief or will you be taking a deep breath in anticipation of what GDPR could present? Mark Harper, Head of Sales for HSM's Office Technology division in the UK and Ireland, explains how you can remain compliant whether you've already prepared or not.
Concerning figures released in April 2018 highlighted that only 5 per cent of organisations are fully prepared for GDPR. Businesses that have yet to take notice of GDPR may suddenly be caught in the headlights, potentially resulting in heavy fines and more. However, it's not only the fines that are a present danger. A recent survey of UK SMEs found that over half consider damage to reputation their biggest concern from GDPR.
Yet, despite the possible ramifications there's no reason for concern. There are simple checks and modifications you can make to your data handling processes that can keep you compliant.
Simple changes go a long way
Training staff on GDPR guidelines helps to remove the possibility of data breaches through human error. Staff should understand that GDPR is now going to affect their daily routine at work and that they have someone or something, such as a guide, to refer to if they feel it necessary.
A shred-all policy is one of the most clear-cut ways to ensure you remain secure for GDPR. As soon as confidential documents are no longer necessary you should look to shred them there and then. Shredding all documents at the source renders them useless at the point of use. Think, if you bin it, then you should be shredding it.
Advice also leans towards the mantra of shred little and often. Shredding documents as soon as they are no longer required is another effective way of removing any risks left by confidential documents.
What's more, the most secure way (according to the DIN 66399 standard) to remain data compliant is to have onsite shredders dispersed around the office so that they are easily accessible to all.
Shaping the Future of Data Handling
Although shredding is one of the key solutions for GDPR, you still need to ensure you're shredding suitably.
Whilst some may still be opting for the seemingly convenient off-site shredding services, this isn't necessarily the best action to take. Concerns over cost-effectiveness, and more importantly security, continue to linger over the external services on offer.
Retain control in-house by shredding internally. It's safer and more secure, and it helps to ensure that there is company-wide awareness and that the processes mentioned earlier are practised.
Post GDPR – Remaining Compliant
There are likely to be some businesses that are caught out by GDPR. That much is inevitable.
Even if you're doing the right thing and following compliance policies, it's important to remember that awareness doesn't stop on the 25th May. Keep yourself and your employees updated on any external accounts of GDPR slip-ups and adapt if necessary.
The main point to consider is that processes should be treated as routine and not something that is done periodically or neglected shortly after the 25th May. Ensure you and your staff understand the processes that need to be or have already been put into place. Think about those ancient HR records no longer in use containing personal information of ex-employees or private and confidential company accounts.
Act responsibly and act now, because whether you're ready or not - GDPR is here.