• Is secure off-site shredding a myth?

        • With an increasing surge of activity from UK organisations towards GDPR security, questions are being raised on the effectiveness of shredding solutions. Mark Harper, Head of Sales at HSM UK investigates into the validity of claims made by off-site shredding services, versus the advantages of moving your shredding in-house. 

          As data protection officers across the UK make moves towards GDPR preparation there are questions consistently being raised concerning the most secure route to take in data protection.In the midst of this confusion some are opting to outsource their shredding services, using third-party solutions that promise to deal with GDPR compliance away from the office. However, with increasing emphasis on compliance, is the promised security of off-site shredding actually a myth?

          A common misconception

          At face value, off-site shredding services offer convenience. Despite this, inherent risks such as complete confidential documents sitting in consoles, often with basic locks for days or even weeks, multiple handlers, often very lowsecurity levels and external errors could all lead to that dreaded data breach fine. 

          Once paper documents containing private information are taken off-site, those confidential documents can be handled by multiple people as part of the process. What’s more, you can’t be sure of the exact security level shredding services are shredding your confidential documents to. Many people think that their shredding service is shredding to a similar particle size as a cross cut office shredder, but often shredding trucks and off-site shredders will barely meet the lowest level P-1 DIN security standard. Can you confidently say that you know what size your paper is shredded to? 

          The new GDPR coming into force in May this year states you should, as you are still responsible for the security of your confidential personal information even after you have handed it over to a contractor to shred. So, what can be done to ensure you meet GDPR compliance when using a shredding service? Chiefly, you should audit your shredding service provider periodically to ensure they are providing an appropriate level of security. 

          It is also fundamental to know that you still bear the full responsibility for the security of personal information on the documents you have handed over, even when handed over to an external shredding provider. What’s more, a shredding service providers’ ‘certificate of destruction’ merley represents the fact that a large quantity of unspecified documents have been collected and destroyed to an unspecified standard, which offers no protection in the event of a data breach whatsoever.  

          However, when using an office shredder at P-4 or above you know the document has been securely destroyed beyond any reasonable doubt and there’s no need for a certificate to prove that this has been done successfully.

          Shredding your profits

          Monthly costs spent on external shredding services can quickly add up. As many organisations are finding out, using an in-house solution is considered a more financially viable answer to GDPR compliance. A shredder can be up to 80 per cent cheaper to operate over five years compared to a third-party shredding service. 

          These savings aren’t only applicable for office-based organisations but they also apply to small and medium-sized-enterprises alike. 

          Inner security 

          Having a clear data protection and shredding policy throughout your organisation is one of the best ways to remain GDPR compliant. It’s advised for teams to shred little and often and to secure all confidential documents by implementing a clear desk policy. 

          Staff awareness is one factor to not be forgotten. Employing a data protection officer is the right way to begin preparation but it’s imperative that company-wide awareness and training are not overlooked. 

          Whilst some may argue for the efficiency of third party shredding services, it’s much safer to ensure all staff are aware of GDPR and deal with it in the most appropriate ways internally. It’s important to consider the added security of shredding in-house. Using an internal shredding solution gives you and your organisation full control, removing all possible liability issues that may come with subcontracting. Not to mention the beneficial factors of long term cost savings. 

          Dealing with GDPR internally means liability lies with you, and you only. Don’t compromise on security, maintain compliance internally.

        • Stay up to date - Click here and register for FREE OEN online membership and enjoy unlimited access to a host of benefits including the exclusive members area of the website, downloadable business tools, current and back issues archive, priority breaking news alerts, weekly e news summary and the OEN app

        • Related Articles

        • Making school safety a priority with smart technology

          Making school safety a priority with smart technology

          Tuesday 23rd Feb 2021 by clareb
          With pupils set to go back to school on 8th March, there are a number of safety measures schools need to implement to ensure the health and wellness of the staff, students and school communities.  The first lockdown and closure of schools broug...Read More...
          Omnichannel contact centre needs further transformation post-pandemic

          Omnichannel contact centre needs further transformation post-pandemic

          Tuesday 23rd Feb 2021 by clareb
          For organisations operating contact centres, now is the time to plan for a more settled future where consumer and worker habits are permanently changed from how they were before. This is according to TelcoSwitch, a provider of unified communications ...Read More...
          Over 1/3 UK consumers cease purchasing EU goods post-Brexit

          Over 1/3 UK consumers cease purchasing EU goods post-Brexit

          Friday 19th Feb 2021 by clareb
          Eskenzi PR & Marketing, a voice in the cybersecurity public relations industry has announced the results of a survey which found that over a third (34%) of UK consumers have stopped purchasing goods and services from the European Union since...Read More...
                • About Us

                  OEN is the leading source of business news and information for buyers of office equipment, supplies and services within mid tier and up sized organisations. Our multi-platform approach delivers relevant, engaging and focussed content via our main printed magazine, bespoke guides and supplements, website, digital editions, apps, and newsletters with an unrivalled reach across the industry. A highly trusted and respected brand for many years, the print version of OEN last year celebrated its Diamond anniversary.

                  For our latest Media packs and more details on our range of services click here

                • View Latest Issue