Do you know what the date is on Sunday? No, don’t start scrabbling for your calendar app, we’ll tell you – it’s the 18th. Which happens to mark two months until GDPR kicks in. Yikes! How did that come about so fast??
Unless you’ve been living under a rock, you’ll have heard of the General Data Protection Regulation. But just in case you haven’t, it’s the new law that will be building on the current Data Protection Act (DPA).
Laws, as we know, are complex things. So we’re not going to try and give you an in-depth guide here, ok? For that, you want to check out the guys over at the Information Commissioner’s Office.
We just wanted to remind you of one very important fact: GDPR doesn’t just apply to online data.
So you know those boxes of files you’ve got stored away? (Hopefully nice and neatly in our purpose-build storage facility in Bridgwater, but possibly in a slightly damp and scary storage room where spiders and dust bunnies vie for dominance). Well, they need some attention.
Individual rights covered by GDPR
GDPR is all about protecting people’s personal data. In fact, it gives individuals very specific rights:
- Right of access – so basically people can check up on what you have on them and what you’re doing with it.
- Right to rectification – which sounds like a terrifying medical procedure but just means if there’s an error in the data then they can ask for it to be rectified.
- Right to erasure – also known as the right to be forgotten, so if the data is no longer actively being used then an individual can ask for it to be permanently destroyed or erased if it’s held electronically.
- Right to restrict processing – a slightly more complex one about being able to store a certain amount of info but not actually use it.
- Right to data portability – so people should be able to take the data you have on them and use them in other places.
- Right to object – about specific processing or direct marketing using their data.
- Rights related to automated decision-making including profiling – a complicated one that’s difficult to summarise so if you’re super interested then have a look here.
How does GDPR affect my archives?
Ok, so what does this mean for you and those box files of archived customer records and invoices from 1972? And why are we bothering you about it when you’d really rather be out on the golf course?
Well in the smallest of nutshells, you need to think about whether any of those boxes might contain personal data. Which includes (but is not restricted to):
- Personal financial details
- Medical records
- Contact details
- Online identifiers
- So-called ‘sensitive data’ such as political opinions or trade union membership
If it does, and you don’t have a right to that data, then you might need to consider destroying it. And we don’t just mean sticking it in a black bin bag and waiting for collection day. Secure data destruction is something we take really rather seriously – we shred paper in two different directions and then pulp it so there’s absolutely no way it will end up in the wrong hands.
If you’re within your rights to hold the data, you’ve still got a little more work to do. Because GDPR isn’t just about what you collect and how, it’s also about protection. Which means if anyone can stroll into your archive room and get Jo Bloggs’ postal address and latest utility bill, you’ve got an issue.
Secure document storage will be even more essential than ever in the new GDPR world. You could invest time and resources into giving your current in-house storage a health check. Or you could get in touch with a company like us. Our HQ is alarmed and monitored 24-7, plus it’s environmentally regulated so you don’t need to worry about things like damp or sunlight or anything else that print documents just don’t like.
If you still want to gen up on GDPR in more detail, do check out the ICO’s 12 step guide on how to prepare for GDPR. But if you’re ready to take action and get yourself ready for that deadline in two months, do get in touch and ask the team about our secure data destruction and storage facilities today.