The GDPR (General Data Protection Regulation) is a new rule in EU law regarding data protection. In layman’s terms, GDPR means companies must take care over the privacy of their customers and/or clients and the data they hold about them. Following the replacement of the 1995 data protection law, people now have more rights to ask companies to delete or withhold their personal data. Because the laws surrounding data protection have become stronger, the fines for companies that break them have dramatically increased.
With these new rules in place, it is now hugely important for any company to ask permission before collecting someone’s personal data. It must be made clear how and why the data will be kept and used, and the customer/client must agree to this. For example, if a customer gives over their email address, they must agree to receive any marketing emails. If they don’t agree, no marketing emails can be sent. The customer needs to be notified about who will have access to their data and why. The company must ensure it is aware of who has agreed to let their information be used and in what ways. This will help it know how each person’s data can and can’t be used, so that it avoids breaking the law and getting a hefty fine.
Read on to find out the basic GDPR principles your business should be following:
GDPR Obligations for customer data
It is the company’s job to make sure customers have agreed to let their data be used, and it should continue to check this with any new customers or it could risk a large fine. It is also the company’s duty to make sure any unnecessary data has been deleted if it is no longer needed.
A process should be put in place to help keep up to date on this and to make sure that all the data given by customers is necessary and that they have given permission for it to be used. Anyone who has access to personal data should be able to explain why they have this access.
Physical Documents and GDPR
The same GDPR rule applies to physical documentation; if you have a customer’s personal details stored away in a filing cabinet, it needs to be safely destroyed if it is not needed or if a customer requests this.
This is because storing physical documents that contain personal data comes with security risks. These documents can be lost, stolen, or accessed by unauthorized individuals, potentially leading to data breaches or identity theft.
By securely destroying unnecessary physical documentation, organizations mitigate these risks and protect the privacy and security of their customers’ information.
How CDDL can help your business with GDPR
CDDL (Confidential Document Destruction Limited) can help you through this process. We can dispose of any confidential waste that is no longer needed, so that it is removed in the correct way and in line with the GDPR laws. This helps you to increase your security, protect your data and keep only the right information.
If you need any documents shredding to protect your company under the new GDPR laws, please call or email us today. See our contact page for ways to get in touch.
More on GDPR
If you want to find out more about GDPR and how having a confidential waste plan in place can help your business, check out these other articles for lots of help and information about GDPR and confidential waste disposal. And don’t forget to follow us on Facebook for all our latest news.
Why you can’t burn confidential waste
Why GDPR is so important for confidentiality
Secure confidential waste disposal for businesses