
The General Data Protection Regulation (GDPR)

Waste Disposal Solutions for your business.

The General Data Protection Regulation (GDPR) came into effect in the UK on 25th May 2018.

There are certain areas within the new regulations which are particularly important to consider when looking at your confidential document shredding arrangements.

These include an individual’s right to be forgotten and the information you hold. The General Data Protection Regulation (GDPR) encourages businesses not to hold any information that they don’t need, so it is good practice to securely shred documents on a regular basis.

GDPR applies to all businesses

The vast majority of businesses, if not all, will hold data that falls under these regulations, whether it be staff or customer details. It is also worth noting that sole traders and partners have the same rights as individuals under GDPR, so it is really important to ensure that all data is treated in the correct manner.

Confidential documents must be properly dealt with

Businesses will not simply be able to throw paperwork away or put it in the recycling, as neither of these is a secure destruction route. Therefore, all companies need to have a solution for their confidential documents, and this is where Reef Environmental Solutions can help. We offer a comprehensive range of solutions to suit very small businesses right the way through to large offices and industrial sites. We provide a flexible and friendly service to accommodate every business’s needs, whether it be for a one-off collection or office-friendly containers with a regular collection.

The Information Commissioner’s Office (ICO) has issued a 12-step plan for businesses to use, which is as follows:

01 Awareness

You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR.

02 Information you hold

You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit across the organisation or within particular business areas.

03 Communicating privacy information

You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.

04 Individuals’ rights

You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.

05 Subject access requests

You should update your procedures and plan how you will handle requests to take account of the new rules.

06 Lawful basis for processing personal data

You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.

07 Consent

You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.

08 Children

You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity.

09 Data breaches

You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.

10 Data Protection by Design and Data Protection Impact Assessments

It has always been good practice to adopt a privacy by design approach and to carry out a Privacy Impact Assessment (PIA) as part of this. However, the GDPR makes privacy by design an express legal requirement, under the term ‘data protection by design and by default’. It also makes PIAs – referred to as ‘Data Protection Impact Assessments’ or DPIAs – mandatory in certain circumstances.

11 Data Protection Officers

You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements.

12 International

If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority and document this.

Areas We Cover

  • Hastings

  • Eastbourne

  • Tunbridge Wells

  • Sevenoaks

  • Ashford

  • Maidstone

  • Brighton

  • Crawley

  • Margate

  • Sussex

  • Canterbury

  • Sittingbourne

  • Chatham

  • Dartford

  • Dover

  • Folkestone

  • Reigate

  • Redhill

  • Surrey

  • Kent