close

Select Currency:

Home > Legal compliance

Legal compliance

General Data Protection Regulations (Compliance by 25th May 2018).
Businesses should be aware of these new regulations and prepare accordingly. Responsible data management and end of life shredding and recycling is essential  to avoid new fines of 4% of Global Turnover.

Information Commissioner Elizabeth Denham has told businesses there’s no time to delay in preparing for “the biggest change to data protection law for a generation”.

Speaking in a video addressing boardrooms, Ms Denham calls on businesses to see the commercial benefits of sound data protection, and act now to ensure they’re compliant by 25 May 2018:

“If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”

Also marking one year until GDPR is implemented:

  • Elizabeth Denham is speaking to business leaders about the importance of cybersecurity at a Wall Street Journal event.
  • Deputy Commissioner Rob Luke is looking at GDPR and the digital economy at a Tech UK event.
  • An updated data protection toolkit for SMEs goes live on the ICO website, including a new element focussed on getting ready for GDPR. The checklist can help organisations assess their progress in preparing for GDPR.
  • The 12 steps to take to prepare for GDPR is relaunched, with updated guidance and increased focus on the need to act now to prepare for May 2018.

Data Protection Act 1998 - If you handle personal information about individuals, you have a number of legal obligations to protect that information. Principle 7 of the Act states that ' appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data' - having an approved shredding agreement for all your confidential paper records ensures legal compliance.

ICO (Information Commissioners Office) Example - 'As part of its security measures, an organisation ensures that information on laptop computers issued to staff is protected by encryption, and that desk-top computer screens in its offices are positioned so that they cannot be viewed by casual passers-by. Paper waste is collected in secure bins and is shredded on site at the end of each week.' 


More information available direct from Information Commissioners Office - http://www.ico.org.uk/
 


Information Destruction Standards - BSEN15713:2009 is the European standard for the Information Destruction industry, which provides organisations with recommendations for the management and control of collection, transportation, destruction of confidential material and recycling to ensure such material is disposed of securely and safely.  Putting your data destruction needs in the hands of a company that not only complies to BSEN15713:2009, but has it incorporated into their quality management system ISO 9001 and is inspected against it, is of critical importance to ensure the reliability of the services and products provided. Compliant companies:

  • Have demonstrated that their confidential destruction premises are secured and managed in the appropriate way, to avoid contamination or security breaches.
  • Have a clear and accurate process in place to ensure all contracts with clients, suppliers are up to standard. 
  • Have undergone staff screening and vetting against British Standard BS7858.
  • Have approved Vehicle satillite tracking, CCTV and alarmed and monitored buildings.
  • Have in place tested, secure and appropriate processes for the collection, retention and destruction of confidential material.

Duty of Care Environmental Legislation - All businesses produce waste and most types of business waste are classed as controlled waste. Controlled waste includes commercial, industrial and household waste, you have a legal responsibility to ensure that you produce, store, transport and dispose of controlled waste without harming the environment. This is called your duty of care.  You must ensure that anyone who handles your waste has the correct permit, registration or exemption license. You must check that your waste carrier is registered or holds an exemption. You need to keep evidence of this so you can prove you have checked if necessary. Ask to see your waste carrier's certificate of registration or a certified copy of it, which will show when their registration expires.
 
More information available direct from Net regs - http://www.netregs.org.uk
 

Evergreen Security Shredding & Recycling services are approved and vetted to BSEN 15713 standards, which are incorporated and audited within the ISO9001 Quality Management Systems. Copies of this certificate is available for customers to keep on file and review yearly to ensure compliance.

Customer compliance check list;

  1. Is your shredding company approved to BSEN15713 and incorporated within the ISO certificate ?
  2. Does the company have a waste carriers license, to enable them to carry waste ?
  3. Does your company have an Environmental Agency approved waste permit or Exemption License ?
  4. Does your company have an approved operating license to manage a transport fleet ?
  5. Does your shredding company have approved insurance for Public & Employers liability ?
  6. Does your company have ISO 14001 environmental quality systems vetted to UKAS auditors ?
  7. Is your shredding company local to minimize the risk of transportation and opportunists theft ?
  8. Does your shredding company charge per minute which is difficult manage and budget. Evergreen's costs are transparent and charge by container or weight.
  9. Does your company give a personal, ethical and reliable service.

If you would like to review your service or to obtain a best value alternative secure quotation, please contact us.