Paper documents pose a security risk to business that can be easy to overlook, which is why confidential shredding, especially in hybrid workspaces, is a necessity to keep a business’s data secure and comply with GDPR.
While many businesses are now digitalising their operations, there is still a significant role for paper documents in most. It also means that these documents need to be kept securely and disposed of properly once they are no longer needed, whether that is in the office or at home.
A 2022 survey by office equipment manufacturer Fellowes found that 68% of businesses that took part in the survey handled a large amount of sensitive printed information daily. In addition, 70% of respondents were either taking printed work documents home, printing work documents at home – or both. More worryingly, just shy of half of this group were then putting these documents in a wastepaper or recycling bin without shredding them.
“Furthermore, 46% of all respondents had seen people leave confidential work-related documents unattended,” says Jeremy Cooper from Fellowes. “This should be of big concern to businesses. Even if there seems to be strict policies on shredding sensitive information, these guidelines are often not followed outside of the office. Whether it’s in a corporate office or home workspace, sensitive paper data must be locked away when not in use, and securely shredded once it is no longer needed for the purpose it was acquired.”
Staying compliant
Fellowes’ survey also found that only 60% overall were familiar with the General Data Protection Regulation (GDPR) that was introduced in 2018 and just one in four businesses had adapted their policies to include home working or remote working in general. “It is absolutely essential for organisations to act now to avoid hugely costly penalties by making sure polices are reviewed and updated to reflect the new way of working and potential data breach risks,” warns Jeremy.
A key part of staying GDPR compliant is secure shredding, which ensures confidential paperwork cannot get into the wrong hands or result in a data breach. “In an era when more people than ever are working between home and office, yet complying with the GDPR matters as much as ever, the data security risks this presents are clear,” says Jeremy.
“To comply with the GDPR, organisations need to ensure that employees have access to a shredder in the corporate office. Additionally, staff working from home should be equipped with a small or home office shredder.
“Any documents that contain personal data and business records should be safely shredded in line with legal requirements on the retention of data.
“HR records should be regularly checked, and once they have reached their legal expiry date, they must be destroyed. GDPR requires HR departments to demonstrate why they are keeping data on employees past and present and justify why they are keeping any data beyond the required retention period.”
Since the move to remote working during the pandemic, several studies have highlighted the bad habits around data security that have been picked up while working from home, Jeremy adds.
“Whether staff are working in the office, at home, in shared working spaces or anywhere else, employers need to manage their security risks. it is important that this is done regularly and in a timely fashion, and sensitive paperwork is not left where it could be accessed by unauthorised individuals in the workplace.”
Shredding baseline
Kyle Mitchell, commercial sales director at Whitaker Brothers, adds that as confidential shredding has long been a part of modern business, senior business leaders understand the need for robust data destruction processes at this point. “The issue is less prescient with those lower down the chain of a business, which is where some challenges can arise in terms of data security,” he says.
“Working from home on this scale is still fairly new so business leaders will no doubt still be encountering obstacles they haven’t experienced before in terms of home working security. The important thing is to ensure that employees at every level understand the need for rigid security processes and can use their training to determine when data needs to be destroyed whether they’re working in the office or at home.”
For home shredders, Kyle says that a standard baseline would be to ensure your shredding is GDPR compliant. “The lowest level for this is Level 3 or P-4. These shredders are cross-cut or micro-cut shredders which ensure documents can’t be repaired/interpreted.
“There are some P-4 level shredders that are suitable for home use. Whether your home workers need this for their office set-up will depend on how much physical data they work with and how often they work from home. If the cost of these shredders is too prohibitive, you may want to implement policies that don’t allow vulnerable data to be taken home or change your remote working policy to reflect the physical data demand of the role.”
Kyle adds that while third party off-site shredding is an option, as it is conducted by a professional which means that it comes with a guarantee that data will be destroyed in the correct manner, if a business is dealing with large amounts of paper documents, the cost saving of an office/home shredder could be considerable.
“If you ensure that your office shredder is compliant with the level of security required for your business and that your staff are properly trained in how and when to use it, this is most often the more cost-effective approach.”
