How can solicitors deal with old documents – and comply with GDPR?

As a solicitor, you need to comply with GDPR.

There are so many important documents in a solicitor’s office.

From wills and house deeds, to business contracts, client contracts, and statements and briefs for criminal trials.

Many must be held for several years.

However, if your files aren’t destroyed securely after the statutory periods for some legal activity or the practice’s policy period, you could find your office swamped by old paperwork.

So, what are your options?

Staff shredding – This could take a member of staff out of their other duties for four or five hours every week, depending on how busy your practice can be. It’s an onerous task and this is time your staff could be spending dealing with clients, processing paperwork, or chasing invoices.

Outsourcing – This could save your staff time and it could save your practice money. Your staff time is more valuable spent in other ways. However, you need to know your documentation is being transported and destroyed securely by a company whose staff are checked and vetted.

If you choose outsourcing, here are three questions to ask your prospective contractor:

  1. How will your documents be destroyed and what will happen to them afterwards? You need to know that the shredding facility is secure, that the shredding will destroy the data, and that any recycling will not allow documents to be re-assembled.
  2. What certificates will you receive for your audit trail? With GDPR (General Data Protection Regulation) implementation imminent on May 25, it’s vital that you have that paper trail to ensure you’re covered as a practice if there is a data breach. Under the new data regulations, businesses can face a fine of up to 4% of turnover or 20 million Euros, whichever is the higher. You will need proof of transfer and a certificate of destruction.
  3. Will your provider be compliant with GDPR – and how will the company ensure that? This is so important at the moment. Every organisation which sends data outside it must know how its third-party contractors comply with GDPR.

Look for a company where staff are uniformed and security checked to ensure you know who is handling your paperwork – just like Taclus Confidential.

Why you should choose Taclus Confidential – A South Wales secure shredding company

We offer confidential paper waste and hard drive destruction services at affordable prices.

Taclus Confidential holds the accreditations for ISO 9001:2015 for quality management and ISO14001:2015 for environmental management and has been certified by independent auditors IQS for both.

Taclus has also been selected as the confidential waste management partner for Keep Wales Tidy.

 

Are you looking for an affordable and secure shredding service in South Wales? If you need advice on dealing with the secure destruction of confidential waste, call our friendly and efficient team on 02920 676 714, or email [email protected]

In a GDPR panic? Here are the 5 key areas you need to examine

It’s time to stop panicking about the General Data Protection Regulation being brought in on May 25.

There will be strict new rules about dealing with personal data, anything which could lead to the identification of an individual in Europe (including post-Brexit Britain).

Those rules will affect mailing lists, lists of job applicants, client lists, invoices, and other documents. They will apply to paper documents as well as items held on computers.

Yes, it’s the biggest change to data protection in a generation and fines are increasing, but…

Stop! It’s time to focus.

There are five key areas where you need to review how your business operates:

  1. How good is your cyber security?

How do you keep your computers, laptops, phones, and other IT equipment safe?

You need to be safe from someone hacking into your systems and someone spreading viruses.

Is your security being looked after by a reputable firm? That’s one of the best ways to ensure your data is protected. Even then, check what steps they are taking to ensure they comply with the new rules. Ask for regular reports.

Buying systems in such as invoicing systems or CRMs? Ask the suppliers how they will help you comply, or will they put you, and themselves, at risk of a fine?

  2. Where is the data you hold?

You need to know what data you have, where it is stored, and how it is being used or processed.

That could include MailChimp or other emailing systems, CRM systems, website contact forms, cloud storage systems, spreadsheets, or documents on your laptop or phone.

It could also include physical documents, including confidential waste.

  3. What are your processes?

They need to have data protection built in from the start. That means, how you get the data, how you store it, who processes it, and the legal basis for using the data, all need to be considered before you collect it.

The rights of the people mentioned in the data need to be recognised and honoured from the start. For example, there is a right to be forgotten which means you need to work out how to inform people you have their data, and how they can request you delete it.

  4. What is the legal basis for holding and processing data?

You can process data under GDPR rules if you have:

  • Consent from the subject of the data for the explicit use you plan – for example, you will need specific consent to hold data on a mailing list, not just provide an opt-out box. You’ll also need to specify how regularly you’ll check with the data subjects.
  • A contract which means you need to hold and process it – for example, holding a guarantee.
  • Passing it on to save a life or in the vital interest of the subjects in another way.
  • If you must hold it in the public interest (based in law).
  • Your interest in processing the data is legitimate and doesn’t outweigh the interests of the person involved. This would mean passing an Information Commissioner’s Office Legitimate Interest Assessment.

  5. How will you deal with confidential waste?

Whether in paper form or on flash drives, image cards, or old hard drives, confidential waste could well hold personal data.

So, you will need to have processes in place to ensure they are dealt with and destroyed securely.

A costly data breach could come from the insecure handling of documents, for example.

Outsourcing your confidential waste to a reputable, experienced secure shredding company will help you comply with GDPR.

Who will help you?

The GDPR Alliance includes software firms, law firms, and security specialists, and its members help businesses become compliant with the new GDPR rules. You can find out more about them here.

They will help you put plans in place to cope if something goes wrong and there is a data breach.

The Information Commissioner’s Office has a section on its website with handy tips, advice, and documents. You can find it here.

The clock is ticking! Grab our essential guide to gearing up for the huge changes GDPR will bring

The new General Data Protection Regulation which comes into force on May 25 will change radically the way we handle data and confidential waste.

Time to prepare for it is running out.

The threat of substantial fines – up to 4% of worldwide turnover for the most serious data breaches – is focusing the mind of many South Wales business owners on how to comply with the new rules.

So, here is our helpful guide to making the most of the months we have left before the changes come into force:

January and February

  • Decide on the systems you’ll need to comply with the new rules – this will include the data protection measures you’ll take online, your cyber security, your marketing operation, how you’ll manage your email database, and your systems for handling confidential waste.
  • Draw up a timetable for these systems to be implemented – decide on dates for all your key systems to be implemented and tested.
  • Allocate key tasks to your staff – ensure everyone has the overall plan and everyone knows exactly what they’ll need to do, and the dates when they should achieve it.
  • Decide on your data controllers and data processors – these will need to be identified under the new regulations, and each will need to be briefed on their key duties.

March

  • Ensure all staff are trained in the main planks of GDPR – from the need to inform people affected by the most serious data breaches within 72 hours to the need to keep an audit trail of how data is stored and when it will be reviewed. Several organisations covering South Wales are running training courses, and there are useful resources on the Information Commissioner’s website. The Federation of Small Businesses also has a toolkit for its members.
  • Review your GDPR timetable – ensure the dates are being met.
  • Get your overall plan written – this will be an important document if there is ever a data breach. You will be able to point to the fact you have taken the rules seriously and it could help reduce the level of any fine which is imposed.
  • Decide whether you need to outsource elements of data handling or the handling of confidential waste. If so, look for outsourced companies which comply with GDPR rules. When it comes to dealing with confidential waste, look for a company which provides you with certificates of destruction and handles your shredding in a secure facility.

April

  • Test your key systems – examine whether they will work efficiently and protect your staff and customers. Make any tweaks necessary.
  • Circulate your GDPR plan to all staff – everyone needs to know their role, their responsibilities, and the impact if they fail to deliver on them.
  • Ensure any outsourced contracts are finalised – get your provision in place before the new rules kick in.

May

  • Set a timescale for reviewing the plan and for asking customers if they’d like to remain on your database.
  • Ensure your opt-in form for marketing on your website complies with the new rules.
  • Relax – in the knowledge your thorough GDPR plan is now in place!
