What is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. The GDPR places more liability on data controllers to ensure appropriate security of their data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

The GDPR definitions are broadly the same as the principles of the Data Protection Act (DPA), but the GDPR places specific legal obligations on data processors; for example, records of data and processing activities must be maintained. Processors will have significantly more liability if responsible for a breach.

However, if you are a controller and a processor is involved, the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR. It is essential for organisations to conduct data mapping in order to identify where data is being processed and who has access to personal data, and to have secure processes in place for handling, storing and destroying data.

With the new GDPR regulations due to come into effect on 25th May 2018, organisations in the UK and EU need to have the processes in place to enable individuals to have the ‘right to be forgotten’. As part of the data mapping process, organisations are required to monitor all third-party data processors, such as shredding and storage companies, as they come into contact with and have access to individuals’ data. There are many opportunities for security breaches in any organisation. Use our self-assessment questionnaire on the left to see where there may be gaps in your organisation.

In terms of data destruction, Topwood highly recommend on-site shredding as it is the safest option. On-site shredding can also result in huge time and cost savings as our industrial paper shredders can shred approximately 1.8 tonnes in 60 mins, compared to office paper shredders which waste employee time and compromise security. On-site shredding also offers improved compliance and transparency by providing proof that the data is being destroyed to security level EN15713 with vetted staff to BS7858 and allows your organisation to be in line with the new GDPR regulations.

If you are currently using off-site shredding, make the switch now to on-site to improve your security at NO EXTRA COST. Contact us to find out more.

To help you prepare for the GDPR deadline, we have created a 5-step guide for your information.
