Yes. Customers receive a written quotation and once accepted it forms a contract. UK data legislation requires data controllers to have contracts with their data processors. The contract provides Customers with the assurance that Topwood will use all the technical and operational measures required to ensure the secure destruction of sensitive data.
The Data Protection Act 2018 (which incorporates the EU's GDPR) places increased liability on data controllers to ensure the appropriate security of their data, including the safe disposal of personal information.
Topwood's quotes outline the key terms of the commercial agreement including:
- material to be destroyed
- service frequency (ad hoc bulk shredding or regular)
- on-site or off-site destruction
- receptables (consoles, wheelie bins) and consumables (shred sacks, security tags) to be supplied, and;
- contract term (including period of notice to terminate - three months in the case of shecduled shredding).
Data controllers should not be lured into signing long term commercial agreements. Contracts simply needs to provide information of sufficient security measures that the data processor has in place to safeguard data. Such measures might include security vetted staff to BS7858, shredding industry standard EN15713 and that a certificate of destruction will be supplied once shredding had been completed.
Unlike some shredding companies, especially the national shredding companies, Topwood do not bind its customers into long term contracts. We rely on our high service levels and innovation to ensure long term partnership with customers.
Our contracts and terms of business provide customers with the assurance that the destruction of data will comply with the requirements of the Data Protection Act 2018 (GDPR).
Whenever reviewing shredding companies, data controllers must in turn take reasonable steps and checks to ensure that the security measures are being put into practice. For example, checking companies for standards such as ISO: 27001.