GDPR and Document Retention: Best Practices for Paper Records

To align with GDPR, businesses must extend their data protection policies to encompass paper documents. Whether stored electronically or as hard copies, organisations need to implement technical and organisational measures to ensure secure data processing. Key considerations for paper documents under GDPR include:

• Secure Destruction: Documents containing data no longer needed must be securely destroyed through methods such as shredding.
• Organised Storage: Documents that need retention should be stored in a manner allowing easy traceability and accessibility when required.
• Access Control: Sensitive documents require storage in locked cabinets, with restricted access limited to authorised personnel.
• Inclusion of Remote Workers: Policies should encompass temporary and remote workers, outlining procedures for protecting documents and data in their possession.

The Data Protection Principles

Every data protection strategy should respect the principles that data shall be:

1. Processed lawfully, fairly and in a transparent way
2. Collected for specific, explicit, and legitimate purposes, and not subsequently processed in a way that goes against those purposes
3. Adequate, relevant, and limited to what is necessary
4. Accurate and up to date. Inaccuracies should be processed, erased, and rectified
5. Kept for no longer than is necessary
6. Processed securely

Three Tips for Better Shredding Practices

Secure shredding is key to keeping confidential paperwork out of the wrong hands and reducing organisational exposure to data breaches. Using a shredder to safely destroy confidential paperwork should be part of our daily routine, wherever we work.

• Don’t assume everyone understands GDPR. Educate all employees on GDPR requirements, personal data handling and the six principles of data protection. This training should be given to all new starters, whenever legislation is updated, and as part of regular data security refresher sessions.
• Shred all sensitive paperwork before recycling or disposing of it, ideally without needing to take the risk of transporting it from home to office, or vice versa.

• Give all employees easy access to a secure shredder at home and at work to ensure GDPR compliance wherever your team might work.

It’s clear that shredding is the best way to securely destroy confidential documents, protecting sensitive business information and personal identities.

Take action to protect your business today.