More than a year after GDPR came into place, plenty of businesses are still not up to speed with certain aspects of the regulation.
One of these topics is the length of time before you are legally obliged to dispose of your confidential waste. Under GDPR, the rules have changed slightly so there is still plenty of confusion.
This is understandable; the answer varies depending on which sector you’re referring to and what kind of confidential information needs disposing of.
While maintaining consent is important, knowing the data protection law and when you should dispose of your confidential information is just as integral.
Bearing this in mind, we have set out all the correct information below so that you have a clearer understanding of proper disposal.
Managing information and processing data for your company is no easy task. To do it well, it’s integral to know precisely what contributes to how long you are allowed to keep private and personal information.
Digital or physical, data controllers and processors are there to ensure all storage and destruction is in accordance with the sensitivity of the information.
It should also be kept on record. This is so it can be easily traced and kept under lock and key for as long as it is possible before being disposed of correctly.
Every data controller should be aware of the proper disposal method and produce data protection impact assessments to minimise risk of data breaches.
In short, it is the data manager’s job to make sure that all confidential material is disposed of quickly and in the correct manner. Otherwise, it could be a breach of GDPR.
Why Disposal Is Important
Poor management or improper disposal of confidential information not only affects the individual the information concerns, but it can also leave the business open to prosecution.
It is wise for your data protection officer to maintain control over every stage of the data’s life, from creation to disposal. Doing so will immediately add benefits to your company.
The benefits include, among other things, cost savings, improved efficiency and reputation, and overall customer and staff satisfaction.
Disposal is arguably the most crucial step and should be done with as much control and vigilance as the other stages.
When to Dispose
Recital 39 of GDPR states that the period of time in which the sensitive data is disposed of should be restricted to a minimum established by the data controller.
That means whoever is holding the data should dispose of the information as quickly as they are realistically able to do so. It is up to them to put the process in place according to GDPR guidelines.
Every organisation, therefore, must make sure all personal data is properly and securely disposed of when it is no longer needed.
To reiterate, this leaves the company in a less legally dubious position and less open to prosecution. It also protects the data from becoming inaccurate, out of date or irrelevant.
What Should Be Kept?
No sensitive document, physical or digital, should be kept if the consent to retain it has been revoked. In the public sector, it may be necessary to maintain a record of information for the sake of public interest.
However, that record must be stored securely, with access restricted to those who have permission.
For the private sector, the confidential data they hold must also be stored securely until it is no longer needed.
Within both sectors, it is vital the organisation is aware of what data they have control of and how it is being stored.
Dispose of Your Confidential Waste with CDDL!
To assist you in disposing of all your confidential waste appropriately, we at Confidential Document Destruction have guidelines on how to maintain compliance with GDPR.
If you need to dispose of confidential waste, we can provide an effective solution through shredding and recycling, meaning all your waste falls within GDPR guidelines.
Comply with GDPR and get in touch with us today for more information on disposing of your confidential waste!