Implemented in 2018  the General Data Protection Regulation is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area and places responsibilities on how confidential waste is disposed.

Awareness and Data Protection Policy

Everyone in your organisation needs to be aware of these regulations.

GDPR specifies that personal information must be securely deleted once it is no longer required for the purpose it was originally obtained for. Organisations must, therefore, ensure that confidentiality and compliance is maintained to the very end.

The UK Information Officer’s Office states:

Whether you’re a small organisation, a group or a sole trader that creates or deals with data, you’ll also need to have a plan in place for getting rid of this data, either because you’ve finished your contract with a customer or client, or a person contacts you specifically to ask for their data to be deleted.

No matter if it’s a pile of papers or a digital folder of information, it’s important to have a plan for how you’ll destroy it securely when you need to.

Destroy paper documents permanently and securely

Shredding is a common way to destroy paper documents and is usually quick, easy and cost-effective. Many retailers sell shredders for use within your office or premises, enabling you to shred and dispose of the documents yourself. If possible, consider recycling your shredded documents, as long as you can do this without leaving the data easily available to others during that time.

Alternatively, you could use a shredding service. Companies will come to your business, collect the documents and safely shred them for you. If you decide to take this route, make sure you’re satisfied they’re a reputable company that will destroy the documents securely.

Learn more about GDPR at Information Commisioner’s Office and GDPR data protection law