31 Aug What is GDPR and how will it affect my business?
Are you thinking What is GDPR?
You may have seen several news stories in recent months about the potential impact of new data protection rules.
GDPR – General Data Protection Regulations – come into effect across Europe in May 2018. Britain’s decision to leave the EU won’t exempt our businesses and organisations from these new rules, the UK government has confirmed.
It’s the biggest change to rules about the way data is handled, processed, and held in the past 20 years.
It presents a big challenge for businesses of all sizes.
The main changes:
- There will be a more rigorous regime for data protection and steeper fines of up to 4% of global turnover or €20 million for more serious breaches, whichever is the higher. Now, the Data Protection Act has an upper limit fine of £500,000 for breaches. In the future, there is the real danger that serious a data protection breach could bankrupt a company.
- Individuals now have the right to be forgotten online as well as the right to know what information is held about them and to amend it.
- Categories of data controllers and processors are created. Processors have significantly more legal liability if there is a breach than under the current system. They must keep records of what personal data is held and how it is used. Controllers must show their contracts with processors comply with GDPR rules.
- The definition of personal data is expanded to include IP addresses. Special data will include biometric data which can be applied to an individual, and genetic data.
- The rules now also govern paper records.
- Data breaches where there is a risk to the rights and freedoms of individuals must be reported to the relevant authorities within 72 hours, and businesses must inform the individuals affected directly where there is a high risk.
How does this affect the way you deal with waste?
It’s clear that protecting data and dealing carefully with confidential records is more important than ever.
Your business’ future may depend on it. It won’t be enough to have a good firewall and security system online, if the way you deal with paper records is sloppy, for example.
There are key things you need to do:
- Have systems in place to deal with confidential paper waste and waste such as old hard drives or flash drives which might contain data.
- Have a chain of evidence in place that items were dealt with safely. If there is a breach, you need to prove you’ve done everything you can to avoid it.
- Ensure anyone processing confidential waste for you understands their legal obligations under GDPR.
- Have systems in place for reporting breaches to the authorities or those affected.
Why choose Inspire Waste Management?
We have all the systems you need to handle confidential waste.
Alongside secure shredding of confidential waste paper, we also offer businesses services such as hard drive shredding.
We offer certificates of destruction, allowing you to prove your business has acted responsibly.
All the paper and media we process is collected by BS7858-vetted staff.
It is also destroyed or recycled to the BS15713 standard.
That means you know your confidential waste is in safe hands.
We also free up your own staff to do their core work – rather than spending hours shredding items.
Need advice on getting your business ready for GDPR? Call our experts on 0191 6824142.