The new GDPR standards came into play on 25th May 2018 and throughout the period running up to that date, and beyond even into this year, we have seen a wide range of companies in all sorts of industries go into a complete frenzy as to how to deal with the strict new regulations. With a threat of massive fines to those companies not adhering to the new rules once the grace period was out of the way, how is the UK looking just over a year later in terms of dealing with the challenges and threats of GDPR?
GDPR was implemented as a way providing the individual with a greater set of controls regarding the personal data that companies collect and store. We can definitely see already that the way data handling is processed in every industry is completely different to how it was pre-GDPR. The role of Data Officer has become much more prominent and important than it ever has before, and there is now a well-rounded understanding and discussion about GDPR in real terms from the vast majority of companies in the UK.
One way in which you can see a clear demonstration of the impact of GDPR is in the increase in sales of home and office shredders, as well as an increase in those companies seeking out professional document shredding services. If you are responsible for looking after the data control in your company you should consider hiring the professional services of a document shredding company close to your location. This ensures that all materials that could hold sensitive and personal information but you do not wish to store, can be disposed of in a fast and secure way, with paper shredded and sent for recycling. Your company is covered for GDPR and is also lowering its carbon footprint in the process.
Even with the clear changes and proactive approach by many companies since GDPR it is important that compliance is an on-going and evolving process, and this can be challenging. This is especially a challenge when you consider the problems a company will face if they get it wrong.
The Information Commissioner’s Office (ICO) has been charged with following those failing to comply with GDPR, and a company can be fined for not handling an individual’s data correctly. There have been over 200,000 individual cases reported in the first year of GDPR, with investigations and fines against even the National Health Service (NHS) – with one example being a London Medical Centre leaving sensitive paper documents in an unsecured building.
Paper documents are a crucial aspect of GDPR and it is here where an underlying issue continues for those looking to closely follow data protection protocols. It is clear that there should be more focus on paper documents, and not just consider the creation and handling of digital data (which many companies assumed should be the priority when dealing with GDPR). Without maintaining a focus on GDPR over all aspects of data handling, a company could slip in standards.