• Is secure off-site shredding a myth?

        • With an increasing surge of activity from UK organisations towards GDPR security, questions are being raised on the effectiveness of shredding solutions. Mark Harper, Head of Sales at HSM UK investigates into the validity of claims made by off-site shredding services, versus the advantages of moving your shredding in-house. 

          As data protection officers across the UK make moves towards GDPR preparation there are questions consistently being raised concerning the most secure route to take in data protection.In the midst of this confusion some are opting to outsource their shredding services, using third-party solutions that promise to deal with GDPR compliance away from the office. However, with increasing emphasis on compliance, is the promised security of off-site shredding actually a myth?

          A common misconception

          At face value, off-site shredding services offer convenience. Despite this, inherent risks such as complete confidential documents sitting in consoles, often with basic locks for days or even weeks, multiple handlers, often very lowsecurity levels and external errors could all lead to that dreaded data breach fine. 

          Once paper documents containing private information are taken off-site, those confidential documents can be handled by multiple people as part of the process. What’s more, you can’t be sure of the exact security level shredding services are shredding your confidential documents to. Many people think that their shredding service is shredding to a similar particle size as a cross cut office shredder, but often shredding trucks and off-site shredders will barely meet the lowest level P-1 DIN security standard. Can you confidently say that you know what size your paper is shredded to? 

          The new GDPR coming into force in May this year states you should, as you are still responsible for the security of your confidential personal information even after you have handed it over to a contractor to shred. So, what can be done to ensure you meet GDPR compliance when using a shredding service? Chiefly, you should audit your shredding service provider periodically to ensure they are providing an appropriate level of security. 

          It is also fundamental to know that you still bear the full responsibility for the security of personal information on the documents you have handed over, even when handed over to an external shredding provider. What’s more, a shredding service providers’ ‘certificate of destruction’ merley represents the fact that a large quantity of unspecified documents have been collected and destroyed to an unspecified standard, which offers no protection in the event of a data breach whatsoever.  

          However, when using an office shredder at P-4 or above you know the document has been securely destroyed beyond any reasonable doubt and there’s no need for a certificate to prove that this has been done successfully.

          Shredding your profits

          Monthly costs spent on external shredding services can quickly add up. As many organisations are finding out, using an in-house solution is considered a more financially viable answer to GDPR compliance. A shredder can be up to 80 per cent cheaper to operate over five years compared to a third-party shredding service. 

          These savings aren’t only applicable for office-based organisations but they also apply to small and medium-sized-enterprises alike. 

          Inner security 

          Having a clear data protection and shredding policy throughout your organisation is one of the best ways to remain GDPR compliant. It’s advised for teams to shred little and often and to secure all confidential documents by implementing a clear desk policy. 

          Staff awareness is one factor to not be forgotten. Employing a data protection officer is the right way to begin preparation but it’s imperative that company-wide awareness and training are not overlooked. 

          Whilst some may argue for the efficiency of third party shredding services, it’s much safer to ensure all staff are aware of GDPR and deal with it in the most appropriate ways internally. It’s important to consider the added security of shredding in-house. Using an internal shredding solution gives you and your organisation full control, removing all possible liability issues that may come with subcontracting. Not to mention the beneficial factors of long term cost savings. 

          Dealing with GDPR internally means liability lies with you, and you only. Don’t compromise on security, maintain compliance internally.

        • Stay up to date - Click here and register for FREE OEN online membership and enjoy unlimited access to a host of benefits including the exclusive members area of the website, downloadable business tools, current and back issues archive, priority breaking news alerts, weekly e news summary and the OEN app

        • Related Articles

        • Totality Services marks World Password Day with top tips

          Totality Services marks World Password Day with top tips

          Thursday 6th May 2021 by clareb
          Since 2013, the first Thursday of May each year marks World Password Day, promoting better password habits to stay safe online. With so many people working at home due to the ongoing pandemic, often without the IT support and protection provided...Read More...
          How remote working has changed issues faced by women in the workplace

          How remote working has changed issues faced by women in the workplace

          Wednesday 28th Apr 2021 by clareb
          Research from Yoppie has found that while remote working has improved pressures around appearance and PMS for women within the workplace, issues of fair representation and equal pay remain prevalent.  When surveyed by Yoppie...Read More...
          Half of office workers not confident about returning without vaccinations

          Half of office workers not confident about returning without vaccinations

          Tuesday 27th Apr 2021 by clareb
          Research from Ezra, a provider of digital coaching, has revealed that just half of UK office workers feel confident about returning to work without a full vaccinated workplace.  Ezra’s research found that 80 per cent of UK office wor...Read More...
                • About Us

                  OEN is the leading source of business news and information for buyers of office equipment, supplies and services within mid tier and up sized organisations. Our multi-platform approach delivers relevant, engaging and focussed content via our main printed magazine, bespoke guides and supplements, website, digital editions, apps, and newsletters with an unrivalled reach across the industry. A highly trusted and respected brand for many years, the print version of OEN last year celebrated its Diamond anniversary.

                  For our latest Media packs and more details on our range of services click here

                • View Latest Issue