Keeping physical data under lock and key can help you stay compliant with the GDPR

There has recently been a huge change in the UK with regard to data protection. The EU General Data Protection Regulation (GDPR) came into force on the 25th May 2018, providing additional protection to consumers in regard to who contacts them, why and what information is held about them. This legislation will replace the current Data Protection Act, which we all know so well, and will continue to be in place even after Brexit next year.

For businesses, the consequences of failing to comply with this legislation are harsh. Fines of up to €20,000,000 can be imposed, or as much as 4 per cent of company turnover, so it’s crucial that every company stays on the right side of the law. The GDPR’s main focus may seem to be on digital security, but it’s just as crucial that you maintain the security of your physical mail and paper documents. After all, a breach is a breach, however it happens.

Here are some key pieces of information you’ll need to keep in mind regarding your paper mail and the GDPR:

  • You need to be able to find anything, fast: The ‘right to erasure’ within the GDPR means any individual can demand the complete deletion of all personal information you hold on them, and that means you’ve got to be able to find it. Not having a suitable filing and tracing system in place could cost you time and money.
  • You need to know how many copies you made: All too many of our paper records exist in duplicate, triplicate or more. If you’re in the habit of photocopying data to share with others, you’ll need to know precisely where every copy has gone.
  • Your documents need to be highly secure: Paper documents are as vulnerable to theft as digital ones, perhaps more so because they can be left lying about for anyone to take. As well as training staff on document sensitivity, you should have appropriate storage facilities for documents, mail and suchlike. Lockable filing cabinets, post lockers and secure archives are not just a ‘nice to have’.
  • You should be actively managing retention periods: As with the Data Protection Act, the GDPR states that you should not hold personal data for any longer than necessary, but that it may be kept longer for the purposes of history, statistics or public interest. However, if there is no reason to keep a record any longer, you should have a system in place for identifying it and destroying it, along with any digital copies, photocopies and other copies of the record.

Ensuring compliance with the GDPR shouldn’t be too hard for any business that regularly manages sensitive data, but for many companies it has been a bit of a shake-up that has pushed them to get their data management in order. If you think you could do with improving your paper security measures, talk to our team about locking filing cabinets, post lockers and other solutions to help you stay compliant.

Last Modified / Updated on: June 27, 2018 at 3:27 pm