The GDPR (General Data Protection Regulation) is a new rule in EU law regarding data protection. In layman’s terms, GDPR means companies must take care over the privacy of their customers and/or clients and the data they hold about them. Following the replacement of the 1995 data protection law, people now have more rights to ask companies to delete or withhold their personal data. Because the laws surrounding data protection have become stronger, the fines for companies that break them have dramatically increased.
With these new rules in place, it is now hugely important for any company to ask permission before collecting someone’s personal data. It must be made clear how and why the data will be kept and used, and the customer/client must agree to this. For example, if a customer gives over their email address, they must agree to receive any marketing emails. If they don’t agree, no marketing emails can be sent. The customer needs to be notified about who will have access to their data and why. The company must keep track of who has agreed to let their information be used and in what ways. Knowing how each person’s data can and can’t be used helps the company to avoid breaking the law and getting a hefty fine.
It is the company’s job to make sure customers have agreed to let their data be used, and it should continue to check this with any new customers or it could risk a large fine. It is also the company’s duty to make sure any unnecessary data is deleted once it is no longer needed. A process should be put in place to keep this up to date and to make sure that all the data given by customers is necessary and that they have given permission for it to be used. Anyone who has access to personal data should be able to explain why they have this access.
The same rule applies to physical documentation; if you have a customer’s personal details stored away in a filing cabinet, they need to be safely destroyed if they are not needed or if a customer requests this.
CDDL (Confidential Document Destruction Limited) can help you through this process. We can dispose of any confidential waste that is no longer needed, removing it in the correct way to keep in line with the GDPR laws. This helps you to increase your security, protect your data and keep the right information.
If you need any documents shredding to protect your company under the new GDPR laws, please call or email us today. See our contact page for ways to get in touch.