The first principle emphasises transparency: when collecting data, it must be made clear why the data is being collected and how it will be used. The collection, processing and disclosure of the data must all be done in accordance with the law. That includes data collection, data storage and data processing.
Organisations must have a specific and legitimate reason for collecting personal information. You must inform your clients of the purpose for which the data is collected and only use the data for those purposes. Under GDPR, clients must consent to the use of their personal data and must be able to withdraw consent easily whenever they want.
Under GDPR, data must be “adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed”. This means that organisations should only store the minimum amount of data required for their purpose.
Personal data must be accurate and kept up to date. It’s important that old data is securely disposed of immediately. Keeping on top of your data is essential: regularly review the information held about individuals and delete or amend anything that is inaccurate.
Once you no longer need personal data for the purpose for which it was obtained, it should be deleted or destroyed unless there is a reason for retaining it. A retention period would need to be set for all personal data you collect, along with a justification for the date set.
The security of your data is paramount. Your organisation must ensure that all the appropriate measures are in place to secure the personal data you hold. This could be protection from internal threats such as unauthorised use, accidental loss or damage, as well as external threats such as phishing or theft. Data theft can occur both online and offline. Archiving your files off site in a secure facility can increase your security, as opposed to leaving your files on site in the office for anyone to access.
The final principle states that organisations must take responsibility for the data they hold and demonstrate compliance with the previous principles. This requires thorough documentation of all policies that govern the collection and processing of data. To ensure compliance, organisations must be sure that every step within the GDPR strategy is auditable and can be compiled as evidence efficiently.
Contact Paper Waste Confidential Business Services today with your data destruction and paper recycling requirements.