Paper Security Policy Advice

This advice is aimed at any organisation who are currently drafting improved security policies for paper based data and are looking to maximise employee compliance.

Why is paper security important to GDPR and IT security?

While electronic data security is rightly a priority for the majority of organisations, many fail to adequately address the security of paper-based data. Paper documents invariably carry personal, sensitive and confidential data, all of which fall under the GDPR.  Paper documents, much like laptops and mobile devices, are a weak link and are the cause of numerous security breaches or ICO investigations.

In fact, two thirds of offices admit to not shredding confidential information.1 This puts organisations at risk for non-compliance with GDPR, as well as putting data subjects at risk of fraud and identity theft.

With this in mind, Rexel, a leading shredding machine brand, encourages organisations to review their security policies and practices relating to both paper-based and electronic data.

While digital threats are high on an organisation’s agenda, it would be a mistake to assume that paper-based security risks are irrelevant.

5 tips for organisations drafting their paper security policies to comply with the General Data Protection Regulation

First activate the first 3 steps of our 6 point GDPR plan. 1. Appoint a data protection office 2. Assess your systems 3. Develop a strategy Now you’re ready for steps 4 and 5; Implement a new organisation policy and tackle employee engagement.

1Beyond good intentions: The need to move from intention to action to manage information risk  in the mid-market, PwC report in conjunction with Iron Mountain, June 2014.

*Shredders that offer Auto Feed shredding allow stacks of paper to be shred in one go, rather than being fed manually.  An employee would need only 14seconds as opposed to over 14 minutes to shred 500 sheets with a traditional manual shredder.

Max saving when using an Auto+ 500X compared to a traditional feed shredder in a similar price level. Independents test from Intertek Testing & Certification Ltd June 2012.