Data Security can involve all aspects of your business. From how you store or dispose of your physical documents and IT hardware. Recent regulation of GDPR 2018 is a regulation to make sure you have a process in place to protect personal information and how it is processed. The correct way of disposing of unwanted physical documentation and potentially IT hardware is a small but important aspect of how you and your business are GDPR compliant.
Keep track of Physical documents
Every place of work, business space, will have physical documents in the office and it’s important that in any one time you know how these are stored and accessed and what level of potential risk those documents could expose your company to. It is important to have good housekeeping in place whether it’s just checking the printer, photocopier at the end of the day to make sure no potential risky documents that are in the print tray or discarded in the office. Is there a solution to get rid of unwanted print out beside the printer? Good practise in any business environment is to dispose of unwanted documents in a secured receptacle ideally located by the printer and or in a centralised point easily accessed.
Media / hardware destruction
Risk is not just evident in physical documents but more importantly in this increasing digital world digital storage of information is increasingly exponentially, especially on hard drives, CD’s, DVD’s, USM Memory sticks, SIM cards, microfiche and Floppy disks, x-rays, video cassette tapes, any IT hardware to name a few. Each has a process that will need to be disposed of in a very specific way. Information on storage hardware can be retrieved by any competent hacker even though it’s been deleted so it’s important that redundant IT Hardware is disposed of in the correct, complaint manner. For example, one method of disposing of a hard drive will involve ‘degaussing’. This involves a process of magnetic wiping. In addition, you can carry out a ‘Hard Drive Shred’ this is a process that completely destroys the device where any information cannot be retrieved.
Employee Awareness of Document security
Any policy implemented is only as good as the employees understanding of data protection. Employees who are well informed through company training are more conscience in creating, handling, processing and storing sensitive documents and avoid potential high-risk situations. Training needs to be suited to your companies’ policies, whether that’s 1:1 or in groups companywide. Whatever the policy, this needs to be conducted on a regular basis. Shred-On-Site is a BSIA (British Security Industry Association) principal member. An ISO9001 – BS. EN 15713:2009 accredited organisation and operate in the Government, Healthcare, Banking, Finance and Legal Sector.
Author: Mark Coombes, Follow me on Google+