GDPR: Just shred it?

2018’s big concern is a data breach, but, says Mark Harper, having a policy for shredding both paper and digital data, will decrease the risk of non-compliance with GDPR.

Shredded paper image

The General Data Protection Regulation (GDPR) update is imminent. Yet a substantial amount of business managers across the country aren’t even aware of the changes, let alone ready for them.

Research has highlighted that in the UK 84 per cent of small business owners and 43 per cent of senior executives of larger companies are unaware of the forthcoming GDPR. These numbers are worrying, as businesses up and down the country are facing hefty penalties once GDPR is enforced, so we make no apology for repeating the message.

Reduce risks and noncompliance issues by shredding your data.

Mark Harper image
Mark Harper

The revised regulations apply to controllers and processors of data. Both parties can be held accountable in data breach scenarios, with the main issue being the unauthorised disclosure of personal data. To combat this, businesses must demonstrate procedures that comply with the key principles, such as planned shredding processes.
In terms of financial fines, as of 25th May 2018, breached organisations could find themselves facing penalties with an upper limit of €20 million, or 4 per cent annual global turnover, whichever is higher of the two figures. For many businesses, being hit with such fines will inevitably put them in jeopardy of closing down, and will cause a knock-on effect for the wider economy too.
Clearly, the financial ramifications could be hugely detrimental, but they’re not the only danger. A data breach can damage your organisation in other ways, such as denting brand reputation, customer confidence or allowing competitors to take advantage.


Don’t leave yourself unprotected. There are various processes you can use to ensure data, whether digital or manually collected and stored, is secure. In the first instance, having a clear data protection and shredding policy is one of the best ways to help you be compliant with GDPR. Many shredders now allow you to shred paper and CDs. Additionally, hard drive shredders possess the capability to shred digital data carriers, further decreasing the chances your office will suffer a data breach.

In many cases, data will often be left lying around the office, which is a threat to your business. Old data that’s no longer required, on a hard drive or paper, is particularly dangerous. Ensure your office has procedures for shredding old data as soon as it has been used for its purpose, or you could find yourself in hot water.

Royal & Sun Alliance Insurance were stung when a hard drive was stolen from company premises by a member of staff or a contractor. The personal information of nearly 60,000 customers was held on the device and was never recovered. Ultimately liability was traced back and Royal & Sun Alliance Insurance were fined a sum of £150,000. Don’t leave old data lying around.


Reducing sensitive paper documents into non-legible particles is a clear-cut way to lessen the risk of personal data finding itself in the wrong hands. Paper shredding levels range from P-1 with paper being cut into strips not exceeding 12mm in width to the most secure P-7 where particles must not exceed 5mm² in size. The P-6 and P-7 levels tend to be used by government and defence for the most secret documents, however, commercial organisations are increasingly using P-5 level shredders to bolster security for sensitive, personal or commercial information. At this level, confidential documents at A4 size are cut into over 2,000 pieces, which are nigh on impossible to reassemble.

Finally, it’s important to consider that in-house office shredders offer a much safer option than outsourcing to a third-party shredding service, as you are in full control and remove all possible liability that comes with subcontracting your shredding. An in-house solution can be up to 80 per cent cheaper to operate over 5 years compared to a third party shredding service. Put your mind at rest: shred in-house.


The need to prepare for GDPR is vital. The main thrust of the new regulations is to make all organisations take better care to secure personal data, however daunting fines of €20 million should provide an additional reason to ensure you’re taking the necessary steps to being compliant. The dangers of data misuse will soon be too great to ignore.

By shredding your documents, you reduce the risks of non-compliance and all the implications thereafter. The simplest way to think about protecting yourself and your business is to ask whether you are holding onto customer information. Be it paper records, hard drives or data media such as CD-ROMs, these are all potential areas where confidential information could be compromised.

Mark Harper is Head of Sales at HSM Office Technology.

HSM is a global pioneer of environmental and office technology.

What's your opinion?

Back to top button