Since the new one came into force on May 25, 2018 General Data Protection Regulation (GDPR), the process of destruction of confidential documents containing personal data of third parties, be they customers, employees or suppliers, by companies, has taken on particular importance.
It is common for many companies store in their files a large number of documents, whether invoices, payroll or customer lists, which although over time have become unusable, contain a series of personal data that must be kept confidential, so it is not possible to get rid of them by throwing them in the trash, simply by breaking these documents into four pieces.
Otherwise, as established by the GDPR, companies could face penalties ranging from 10 to 20 million euros,or from 2% to 4% of the company’s annual turnover.
Therefore from AYCE we wanted to offer you a series of practical tips for the destruction of confidential documents,in accordance with the new RGPD, which will allow you to comply with the law and protect the information in said documents.
Why should confidential documents be destroyed?
One of the main indications of the data protection regulation is that any company that works with confidential data of third parties, must be in a position to be able to prove the origin of such data,as well as that they have been obtained legally.
The correct destruction of documents is essential to comply with the requirements of the RGPD
This makes it advisable for those stored documents that contain confidential data, of which their origin is not known, is to destroy them, thus avoiding that they can be available to anyone. In addition, the destruction of confidential documents will allow you to increase both the order in the company, as well as the space.
How to destroy documents with sensitive data based on the GDPR
Those companies that destroy documents that contain confidential data in a traditional way, will be in breach of the GDPR, so it is essential to walk with leaden feet and destroy the documents in the appropriate way,in order to avoid having problems.
According to the GDPR, three are the right methods to destroy confidential documents
If we start from the basis that the GDPR requires that when destroying a document, it must remain totally unusable and unreadable, in order to maintain the confidentiality of the data it contains, it is clear that it will not be enough to break the document into four pieces and throw it in the trash or in the recycling bin.
That said, the GDPR itself indicates three possible methods to proceedwith the destruction of documents, which we tell you about below:
#1 – Incineration of documents
There is no doubt that the incineration of documents guarantees the illegibility of the data contained in the documents, although we at AYCE believe that it may not be the most recommended option, given all that it implies. Even so, there are many companies that opt for this method.
But if we opt for the incineration of documents, a number of aspects must be taken into account, since it will not be possible to burn the documents anywhere,but it will be necessary to have perfectly prepared facilities, which will guarantee that the fire will not get out of control and that there will be no problem.
#2 – Document shredding
The shredding of documents is a much more recommended option than incineration, since you can carry it out in your own offices, since all you need is a paper shredding machine. The only problem comes when you have to delete large amounts of documents, as the process can be quite tedious.
But with this method you also have to be alert, since it is essential that the destroying machine is able to destroy the documents correctly,guaranteeing that they can not be rebuilt, and that the data they contained will not be accessible.
#3 – Hiring an external company
And as a last option we have the possibility of hiring the services of an external company that is responsible for the process of destruction of documents,and that undoubtedly, is the most recommended and also the most effective. And it is, for several reasons:
The first of all, because the external company is responsible for collecting the documents in the facilities of your company,guaranteeing their confidentiality at all times, and also the destruction process.
These companies usually have large capacity paper shredders,which are capable of completely destroying large quantities of documents, which they then recycle in an environmentally responsible manner.
In addition, once the documents are destroyed, these companies deliver a certificate of recycling and destruction of documents,which guarantees that the company has destroyed the documents in compliance with the requirements of the GDPR.
With the entry into force of the new GDPR, the destruction of confidential documents by companies has become more important than ever,in order to maintain the confidentiality of the data they contain. This means that extreme precautions must be taken and documents must be destroyed in such a way as to guarantee their unreadability.
If you have any questions regarding Data Protection in your company, do not hesitate to contact us.