As most businesses will be aware, the 25th May 2018 saw the introduction of the new GDPR rules across the EU, and replacing the Data Protection Act in place within the UK. The new rules are likely to impact most businesses operating within the UK, designed to protect consumers and their personal data, restricting businesses and affecting the way that they operate as a whole.
The GDPR rules cover provisions for paper documents, meaning that anybody working with paper documents that hold sensitive data will have to ensure that they comply. As you may not fully understand the rules or may not be aware of what is required of you, we have created a list of things that you need to consider to be sure to comply with GDPR.
Documents have retention periods that determine how long you should keep hold of the documents for, with GDPR stipulating rules relating to the way that they are stored, how they are destroyed and more. Although it is likely to be a long and complex task, you should make sure that you comply with the new GDPR rules in relation to retention periods, document shredding and the management of your documents, if haven’t done so already.
A common way that businesses have chosen to do this is to turn their paper documents into digital copies, and managing them by using an online management system. By digitising your documents, you will be able to have instant access to the documents and you will be able to manage them in a much better way.
In order to comply with GDPR, you need to be sure that you can find the documents, especially as the new rules are stricter than before. The right to be forgotten is a big part of the new rules, with consumers able to ask for their information to be deleted or removed from your possession. With this in mind, you do need to be sure that you can easily locate and retrieve all of your individual documents. To comply with this, you should have an effective system in place for tracking the documents, or to at least being able to find them easily.
It is very easy for documents to be duplicated, and so you may be completely unaware as to how many copies you have of different documents. Not only does this mean that the data that you use could be lost and could get into the wrong hands, but it also means that you won’t be able to fully comply with GDPR.
All documents and data must be kept private as part of GDPR, throughout all stages of using the documents. Whenever creating, storing, managing or destroying the documents, you need to be sure that the data is kept private. Once again, you should put processes and regulations into place that ensure data is kept private, reviewing current processes and activities that the business operates with.
For more information on document management, storage or destruction, please contact RADS Document Storage today.