Yes. All of our customers receive a contract with their quotation. Under the data protection act it is a requirement for data controllers to have written contracts with all their processors. The purpose of the contract is to establish the security processes and controls in place to protect data. As a professional shredding company (processor) we will supply you (the controller) with such a contract. Read on to find out more.
The introduction of GDPR changes to the new Data Protection Act next year emphasise the increased liability placed on data controllers to ensure appropriate security of their data, including safe disposal of personal information.
At Topwood, we supply short contracts to our customers outlining the details of the commercial agreement such as the quoted price, service frequency, quantity etc. This is the case for our document shredding and media shredding services too. See an example of our on-site shredding contract below.
Data controllers should be aware that the law does not require data controllers to sign long term commercial agreements. The contract simply needs to provide information of sufficient security measures that the data processor has in place to safeguard data. Such measures might include security vetted staff to BS7858, shredding industry standard EN15713 and that a certificate of destruction will be supplied once shredding had been completed.
Unlike the big national shredding companies, Topwood do not tie you into long term contracts, we simply supply a contract to ensure you are aware of our services and that we are GDPR compliant. Whenever looking at shredding companies, the controller must in turn take reasonable steps and checks to ensure that the security measures are being put into practice. For example, checking companies for standards such as ISO: 27001.