Are You on Track with GDPR?
Mandatory changes to how data is protected across the European Union will take effect soon.
However, questions about the readiness of UK PLC for GDPR persist, following a research finding in November 2017 that only one in five large businesses is ready for the new data protection requirements.
There's little need for panic yet, however, as it can take considerable time for large organisations to put new processes in place.
Moreover, other reports published around the same time suggested four in every 10 businesses had a detailed GDPR compliance plan in place: a figure that is likely to have increased as 2018 approached.
Yet despite the tendency to focus on high-tech data compliance solutions, there are simple measures companies can introduce to protect themselves. This article focuses on one of them: shredding documents.
Starting with the best form of defence
Many organisations are under the impression that external shredding services may be their best option, which isn’t the case.
Subcontracting is seemingly the easy option for some, with shredding being taken off-site for someone else to deal with. Yet what is commonly forgotten are the question marks over the cost effectiveness and security levels of off-site shredding.
Investing in an in-house shredder removes those questions about cost effectiveness and the security levels of your shredding. An in-house solution can be up to 80% cheaper to operate over a five-year period compared to a third party shredding service.
Not only this, but your organisation then has the peace of mind of knowing that you’re shredding at a level that keeps your data secure. In-house shredding means your confidential information is destroyed immediately, rather than sitting around, complete, in sacks or consoles that can be easily accessed for days or even weeks. All positives then, but first you must identify your required shredding security level, which is classified on a DIN level scale.
DIN 66399 Security Levels – Better safe than sorry
As organisations begin to move towards a shred-on-site system, DIN security levels can no longer be ignored. A way of defining the different types of cut, DIN levels help determine the appropriate security level for your requirements.
DIN security levels range from P-1 to P-7, with security level P-1 recommended for ensuring low-level documents (such as out-of-date brochures) are illegible and level P-7 being classed as military-grade protection, which turns paper into the tiniest of particles.
Generally, HSM recommend most organisations use a minimum security level of P-4 for general office shredding to ensure protection from potential breaches. However, there’s an increase in organisations choosing the higher P-5 security level for departments such as HR and Finance, where highly confidential personal and commercial information is handled.
However, this isn’t always the case for each user. View HSM’s essential GDPR guide to data protection and recommended security levels for a fuller understanding of the security levels on offer.
Organisations must begin GDPR protection by defining a security level that keeps them protected.
Selecting the right shredder
Determining the correct security level is just the first step when choosing your shredder.
The person involved in GDPR for your organisation, such as a data protection officer, needs to consider the appropriate security level, whereas facilities managers will need to consider other practical factors.
What size paper will you be putting into your shredder: A4, A3 or wide computer-fed paper? How many pieces of paper will it need to shred in one pass? What size shredder is going to be most suitable based on the space available?
Bin volume must also be considered. Ideally your shredder should only need to be emptied once a day. An approximate measure is that 100 sheets of A4 paper shredded at a P-4 DIN level will typically take up around 8 litres of space. If you think your shred volume is around 1,000 sheets per day, your organisation will be better suited to a shredder with a bin size of at least 80-100 litres.
Additionally, key decision makers will need to know if a shredder is likely to be used for long periods of time. If so, it will need a continuous run motor, which removes the frustration of your shredder overheating half-way through a job.
Essentially, offices should make a realistic estimate of the amount of use a shredder will have and consider the best solution before making the final decision.
Prepare Now, Save Tomorrow.
The need to prepare for GDPR is vital and investing in a shredder is the right move for many UK organisations.
Shredding with a well-designed in-house solution allows you the peace of mind of knowing that you’re shredding documents at the required level and destroying them immediately. Deciding on the right choice of shredders and locations, as part of an overall data protection plan, takes time and thought. Organisations need to be doing this work now rather than making last-minute panic buys when the time comes in May.
By preparing now, you would not only be protecting your organisation’s sensitive data, but also saving yourself stress tomorrow.