FAQ: Do you provide a shredding contract?
Yes. Under the data protection act it is a requirement for data controllers to have written contracts with all their processors. The purpose of the contract is to establish the security processes and controls in place to protect data. As a professional shredding company (processor) we will supply you (the controller) with such a contract. Read on to find out more.
Our contract also details the commercial agreement - price, frequency, quantity etc.
The law does not require data controllers to sign long term commercial agreements. The contract simply needs to provide information of sufficient security measures that the data processor has in place to safeguard data.
The controller must in turn take reasonable steps and checks to ensure that the security measures are being put into practice. For example, checking companies for standards such as ISO:27001.