General Data Protection Regulation (GDPR)
What Is the GDPR?
The General Data Protection Regulation (GDPR) replaces the Data Protection Directive of 1995, which came into play barely four years after the advent of the internet, back when massive, online data breaches were not possible. The purpose of the GDPR is to act as the new, overarching legislation regarding the way companies around the world manage and protect personal data belonging to citizens of the European Union. It is a much-needed update to privacy legislation – one that takes into account the shape of society in a connected world.
Complying with GDPR is about more than just avoiding fines. Keeping the goodwill of clients and partners is key to the competitiveness of a business. However, organizations that are impacted by a breach can be fined up to 20 Million Euros or 4% of annual revenue.
More Than Just Online
While most of the factors that affect GDPR compliance are related to online activities, there is an important offline component that businesses need to account for: the necessity to diligently destroy hard drives and schedule document shredding. If left to your staff, these two activities can create considerable risk for your business.
Impact of the GDPR on Your Business
To answer this question accurately for your organization and understand the specific processes and implementations that you need to carry out, you will need to conduct a Data Protection Impact Assessment (DPIA). This assessment will let you evaluate areas where your business is at risk of noncompliance, so you can remediate them. However, read on and find out about three key topics that apply to all businesses and can help you grasp the scope of the GDPR:
- What personal data is
- How long you can keep personal data
- What to do in case of a data breach
What Counts as Personal Data Under the GDPR?
Any information that can on its own be used to identify a living individual is personal data. If the information on its own can’t identify the person, but in conjunction with other pieces of information it can do so, then it is also considered personal data. Additionally, if personal data has been processed – for example, encrypted – but this processing is potentially reversible, it still falls within the scope of the GDPR.
For How Long Can Data Be Kept?
The answer is both simple and complex: get rid of it as soon as you don’t need it anymore, by scheduling hard drive shredding and document shredding. Understand the real need for the data you store and establish a process to destroy it or review it after a certain amount of time. That time must not be shorter than the period for which legal obligations require you to keep the data.
What Should I Do in Case of a Data Breach?
When the personal data you are responsible for is exposed, you have 72 hours to notify the corresponding authorities. If the breach poses considerable risk for the individuals whose data was exposed, you need to notify the affected individuals as well. Data breach reporting is key for compliance, whether you depend on in-house experts or third-party vendors.
Proshred® Security Is Your Trusted Shredding Partner
When the time comes to get rid of sensitive documents and old hard drives, you can depend on Proshred® Security. Our certified professional shredding services are fully compliant with current privacy regulations and are carried out at your convenience on your premises. The process is irreversible, and you can watch it as it unfolds inside the truck through a live camera feed. You will receive a certificate of destruction to prove that you have done your part.
What Are People Saying About Proshred®
Today, Tuesday, 1/10/23, at 2:00 PM, I went to Pro Shred located in Elmsford to drop off two bags of papers. I was not aware that they did not accept cash or Apple Pay.
I am a first-time customer, so I did not know the payment method. Met with Lamont, who explained they did not accept cash, however, he did look into the Apple Pay. This is when I met with Steven, who, like Lamont, spoke in a friendly and professional manner. Steven explained an alternative way, which I gladly accepted. Overall, the friendly and professional service I received from Steven and Lamont was exceptional. Thank you very much!
I was very pleased to know that they were NOT Dallas Cowboy fans!
Go Giants!
Jay Romano
When I contract a job, I am very specific about wanting to be charged what I am quoted. Usually I can't even get past the quoting when other companies start saying they will do it by box and then start talking about bin size on the phone. ProShred and Tara, who quoted the job, did not play any games with me. They quoted a box price and then honored the box price. Not only was Tara great, but when the guys showed up to do the shredding, they were professional, friendly, confident, and hard-working. Everything went as planned straight through the payment. I would refer anyone to this company at any time, because I feel comfortable that they did a good job for me and would do a good job forgrade,
I needed a little more shredding done, a very small job, just a little residual from the big job at a later date, and they are handling that great as well. I spoke to the manager today about them coming out on Monday for the residual and told him how pleased I was with the service. Unfortunately I can't remember his name, but he was so professional as well and I'm so glad that I deal with this company. Don't use anyone else; use a class act. ProShred gets 5 stars in all categories.
I have limited need for shredding services--every year or two, I need to shred some old credit card slips and bank statements and such. It is always very easy to load 8-10 boxes of stuff in the back of my station wagon, drive it over to ProShred and then unload it into a bin, pay the fee and I'm on my way. Easy peasy. The staff is always friendly and cheerful; they will do my shredding for the foreseeable future.