GDPR and confidential waste

confidential documents

Disposing of confidential waste responsibly is not only the right thing for businesses to do, but it is also governed by law in the UK. Both the Data Protection Act 1998 and the newer GDPR legislation require businesses to meet stringent requirements in terms of secure data destruction.

One major change in the newly implemented GDPR requirements as compared with those of the Data Protection Act is that there are now much greater liability and fines at stake for data breaches. Focusing on how your data is destroyed is now more important than ever and so your company’s process for disposing of confidential waste should be checked for compliance.

Types of confidential waste

Under GDPR legislation, if you hold sensitive information about anyone, they now have the right to request that you completely dispose of this data and no longer hold any information about them (though there are certain exceptions, such as when you are required by law to hold the information).

Confidential waste can include a wide range of documents, both paper and digital, containing any sensitive information about other parties that is no longer required or has been requested to be removed. As well as customers’ data, it can also include that of employees and suppliers (both current and previous).

Disposing of confidential waste

Confidential paper waste cannot simply be thrown away and recycled along with other paper waste, nor should CDs or similar containing sensitive data be disposed of with ordinary waste. Information needs to be securely shredded and a process should be implemented that ensures that there is no risk of this information getting into the wrong hands at any stage.

For this reason confidential waste needs to be separated and labelled as such in order for it to be dealt with in the correct manner. Suitable confidential waste sacks should be used for this, which are clearly labelled as such. Confidential waste sacks should also be opaque so that the contents cannot be viewed either when being stored or transported for shredding.

Confidential waste destruction process

Your business is obliged to document the process of data destruction. On-site shredding is the most secure method of data destruction, provided that the data is shredded in compliance with GDPR requirements. Strip shredding is too easily pieced back together, so it is important that information is either cross-cut or, even better, micro-cut. You will need to ensure that all employees are familiar with and are adhering to your confidential waste disposal process.

If you employ a company to destroy your data for you then under GDPR both your company and theirs are liable if there is a data breach. For this reason you need to make sure that the company you choose is reputable. Ensure that they are either providing you with or insisting that you provide your own confidential waste sacks that are clearly labelled ‘Confidential Waste’ and that are not transparent. They should also provide you with a certificate of destruction to proved that the data has been properly destroyed.

Confidential waste sacks

Abbey Polythene’s confidential waste sacks are clearly labelled and marked to make the identification and segregation of your confidential waste products simple and efficient. They come in a wide range and are available from stock with fast and reliable delivery.