We spend a lot of time thinking about “active” processing when we are using personal data to achieve our goals, but we must not neglect our obligations when it comes to the disposal of personal data, remembering that this is also processing and so must be done in compliance with data protection laws.
UK organisations must comply with the security principle in Art 5(1)(f) UK GDPR by putting in place appropriate technical and organisational security measures to protect personal data from unauthorised or unlawful processing, accidental loss, destruction or damage. This obligation extends to the disposal of personal data. We have set out our 5 top tips to help you dispose of personal data in a compliant way:
1. Put a plan in place
It is important to consider from the outset of a project how long the personal data will need to be retained for, and how it will be securely destroyed at the end of the retention period. We recommend putting in place a Document Retention and Destruction Policy to document your decisions.
2. Training
Secure destruction of personal data should be the responsibility of all employees. Implement training to explain to staff how personal data should be stored and destroyed and monitor compliance with procedures.
3. Check your suppliers
When working with a new supplier, make sure your contract contains detailed provisions around the destruction of personal data. Ensure your IT team thoroughly reviews the security arrangements of your suppliers.
4. Deleting digital information and backups
Remember when deleting information from computers and other electronic devices, there may be backup storage which means the personal data is retained even after you think you’ve deleted it. Consider putting in place secure deletion software and seek specialist IT advice if required.
5. Don’t forget paper documents!
Shredding is a quick and effective way to destroy paper documents, either by buying your own cross-shredders (which are more secure than the straight-cut version) or using a reputable shredding company.