Ever since the data protection act was passed in 1998, it has been a legal requirement for businesses to securely dispose of any paperwork that contains confidential information. This measure was intended to prevent the criminal misuse of sensitive information should it fall into the wrong hands. The introduction of the General Data Protection Regulation (GDPR) placed even more emphasis on the importance of these measures, imposing heavy fines for companies that fail to comply with regulations.
So, what business documents should you be shredding? Firstly, take a look at the make-up of your business – the chances are that every single department in your company will process documents containing confidential data every single day.
In order to ensure your business is operating at the highest level of security and in compliance with all data protection laws, each area of your business will need to be appropriately organized. All important documents must be safely stored in accordance with their retention periods while any files that are no longer needed or have exceeded their retention periods will need to be securely shredded.
To help you sort the wheat from the chaff, we’ve created this helpful guide…
General Office Paperwork
- HR – Most offices will have some sort of human resources department, which will be home to documents including the personal data of employees, salary, pension and banking details, as well as any kind of restructuring plans you may have. This compilation of very sensitive data should be kept securely locked away until it is needed or its legal retention period expires, at which point it should correctly shredded.
- Accounts – Anything that could reveal financial transactions or sensitive details about individuals such as employees and customers is at high risk if improperly managed. Bank account details, salary documents, invoices and the vast majority of financial documentation are all highly sensitive documents.
- Sales & Marketing – If you conduct your sales and marketing activities in-house, you will want to check that department for redundant customer data, details of competitors, forecast sales information and any new product development information. If you are still unsure about what business documents should be shredded, think about whether or not the details contained could have the potential to harm individuals or the business. If in doubt, shredding is probably the safest option.
- Product Department – Make sure to securely dispose of work schedules, costing information, new tooling details and drawings that have served their purpose. Even the reception area could be housing sensitive paperwork, including visitor checking-in books and information about staff movements. These should also be shredded.
- Vulnerable Areas – Finally, keep an eye on the areas around the photocopier, fax machine and printers. These can become a dumping ground for paperwork that has been scanned/printed/photocopied incorrectly and these documents can often contain sensitive information. It might be worth keeping a confidential waste disposal console by all of these machines, so that employees can place their unwanted papers directly into it, significantly reducing the possibility of misuse or security breach.
Knowing when to shred and what documents need to be shredded in a law firm can be difficult. Some sensitive information needs to be kept for a long time, in case it’s needed as evidence within a case but holding onto it for longer than is legally necessary can result in large fines. Generally, dated legal information will be available in libraries or online, so your paper copy can be shredded without worry. Always check this with the appropriate authority, as the regulations regarding legal document retention can often be hard to navigate.
Financial documents that have fallen out of the company’s records retention schedule should be shredded immediately. In order to comply with GDPR, these records should be checked regularly for outdated records. Indexing your documents and using an online file management service can make this process a great deal easier.
The lines are blurred with case files; since these could potentially be used again in the future but obviously hold a lot of personal and sensitive information about the individuals involved. Documents such as will and real estate records should never be shredded and often, original documents should be kept in their original physical form – copies are not acceptable for judges.
There is a certain level of common sense that should be applied in cases of document shredding in financial institutions, healthcare, government agencies, construction companies and the retail industry. The seven-year rule applies for most businesses when handling sensitive data – anything unlikely to be used after this time should be shredded, but there are occasions when a company might still continue to store this information, for example, if it is needed for an ongoing care plan in the case of health businesses or if it relates to a financial account that is under investigation.
For more information on the industries that can most benefit from document shredding and storage services, take a look at this recent blog post on the subject.
It’s worth adding, that a traditional strip-cut shredder is not considered enough for highly sensitive documents within a business environment. As well as deciding what business documents should be shredded, you need to think about how they are shredded. Look for shredders that offer a cross-cut option, effectively turning paper into tiny pieces of confetti that nobody would ever have the hope of piecing back together.
If in doubt, refer to your company policy and GDPR guidelines regarding the disposal of business documents.
At Flexible Storage, we want to make it easier for working businesses to drive efficiencies and protect confidential data. That’s why we have developed fully GDPR compliant professional shredding and document storage services to benefit all of our business customers.