Any personal information that can be used to identify individuals businesses, such as their name, address, phone number, or financial information, is classified as confidential waste.

Additionally, it includes information that, if read by a competitor or the general public, could put a person or business at risk. This includes ( and is not exclusive to) documents such as contracts, financial data, employment records, intellectual property, marketing strategy, business plan and NDAs.

Even memos, handwritten notes, emails or letters, if they contain personal information such as emails or addresses, are examples of confidential documentation that must be properly disposed of.

What regulations are in place?

Since 1998, the Data Protection Act has required businesses in the United Kingdom to collect, store, and destroy confidential data securely. Failure to comply with these regulations may result in fines of up to £500,000 or even harsher penalties for serious violations. In May 2018, the General Data Protection Regulation (GDPR) was implemented to strengthen already strict data protection laws. This legislation placed a greater emphasis on the documentation required by businesses to demonstrate compliance with Data Protection Laws, particularly with regard to the proper disposal of confidential waste.

UK GDPR Regulation applies to all organisations with a physical presence in the United Kingdom that processes personal data of any kind. It also applies to controllers and processors located outside the United Kingdom if their processing activities involve the provision of services to UK-based organisations.

Your obligations

A business must adhere to the laws outlined in the General Data Protection Regulation (GDPR). This law holds businesses accountable for safeguarding individuals’ personal information. If your business violates GDPR, you may face a fine of up to 4% of your annual revenue or £17.5 million — whichever is greater.

Both online and paper-based data breaches can result in substantial fines for businesses. The Information Commissioner’s Office (ICO) website—the body responsible for enforcing GDPR—details the violations for which it has fined businesses.

This can range from a few hundred pounds for individuals who gain unauthorised access to personal records to hundreds of thousands of pounds for businesses that fail to protect their customers’ digital data.

Breach of security puts your customers or employees at risk and infringes on their privacy. Depending on the severity of the data breach, the consequences can range from minor inconvenience to financial loss or emotional distress.

What documents need destroying?

When deciding which documents should be destroyed, you should make sure to destroy the following document.

Client or customer information:

  • Client or customer contact details
  • Printed correspondence (especially when it contains information that can be used to identify people)
  • Any documents containing personal information
  • ID documents (especially picture)
  • Contracts

Financial data:

  • Tax returns
  • Budget documents
  • Bank and card statements
  • Copies of sales receipts
  • Voided cheques
  • Payroll

Employee information:

  • CVs
  • Employment records
  • ID or access cards
  • Disciplinary reports
  • Absence and sickness information
  • Promotion and employee review documents

Company information:

  • Company strategy
  • Pricing structures
  • Company structure documents
  • Supplier information

How should you dispose of confidential waste?

There are certain rules to follow when disposing of confidential waste. You cannot simply put your documents in the recycling bin.  

  1. Make a detailed list of all documents and files that require shredding or destruction.
  2. Select and configure the type of document shredding or destruction service you wish to use.
  3. Create a confidential waste disposal policy and make it available to your employees.
  4. Establish a safe and secure storage area.

Whether or not you are storing your files with us, when they reach the regulatory retention period, we can arrange for them to be picked up and securely destroyed. If you already store your files, we can set a flag in our system to alert you when your boxes are approaching their expiration date. In either case, the records will be securely destroyed, and a certificate of destruction will be issued. Providing you with an audit trial from start to finish.

If you wish to learn more about confidential waste disposal, visit our website. If you are interested in our confidential waste disposal service or any other services, get in contact with us.

May 19, 2022