Compliance with the GDPR is an important element of the functioning of companies throughout the European Union. Although the regulation has long been discussed in the media and has been devoted to legal articles, some principles may still raise some doubts. From the point of view of enterprises, an important change that took place with the entry into force of the provisions of the GDPR is the issue of document destruction. It is worth spending a moment on this, because the issue of unnecessary documentation applies to virtually every company.
What does the Personal Data Regulation (GDPR) say about document shredding?
As a result of their regular activities, enterprises accumulate huge amounts of files, contracts, invoices and other types of documentation. Such data is collected both on sheets and in electronic form. The law clearly defines how long the entrepreneur should keep a specific type of files (e.g. to allow for possible control). With time, however, each such document becomes obsolete and becomes simply redundant. What does the GDPR say about this situation?
You should be aware that the GDPR in this area does not specify the procedure. However, the act says that data should be processed in a way that will ensure information protection. On the one hand, the record gives a lot of freedom of interpretation, and on the other hand, it can be a source of considerable doubts. These may be somewhat dispelled by the information that the destruction of documents, in accordance with the GDPR, is considered processing. Therefore, unauthorized persons cannot have access to the data in the files that we intend to destroy.
How to avoid financial penalties?
The interest in the destruction of documents has increased not so much by the GDPR, but by possible fines that await entrepreneurs who do not comply with the rules. In a situation where irregularities related to the processing of personal data are detected (e.g. resulting from incorrect destruction of documents), the company may be charged with a fine of up to EUR 10-20 million or 2-4% of the annual turnover. It is hardly surprising that in the face of such an expense, companies are increasingly opting for a professionalservice document shredding. Choosing a reliable company operating in this industry, such as Rhenus Data Office Polska, allows not only to avoid monstrous penalties, but also provides the owner of the company with peace of mind and psychological comfort.
Document destruction companies – what are they doing to comply with the GDPR?
The services of such entities are used by both large corporations and small companies that do not want to be stressed by possible legal liability or devote their employees’ time to activities aimed at thorough document destruction.
Companies offering such services comply with the GDPR by taking steps such as:
- Securing documents against third parties
All files are closed in sealed containers in front of the person ordering the destruction of documents. As a result, unauthorized people do not have access to them, which is additionally confirmed by specialized sealing of the container.
- Fast transport of documents to the disposal unit
Companies operating in this industry do not store files, but immediately transport them to the place where the documents are destroyed.
- Compliance with standards and issuing of protocols
Documents are destroyed in accordance with the highest classification class 3 in accordance with DIN 66399. Before destruction, a contract is signed, and after the process, a certificate of file disposal is generated.
Storage of documents in the light of the GDPR
Finally, it is worth noting that storing documents longer than necessary is prohibited by the Regulation on Personal Data. Procrastination with getting rid of unnecessary files not only leads to more chaos in the company and to reducing the space on office shelves, but can also be punished. For this reason, it is worth familiarizing yourself with the necessary period of keeping documents relating to employees, tax and accounting and other types of files, and then strictly adhere to the legal deadlines.
