Having a shredder to be GDPR Compliant

Am I concerned about the GDPR?

Absolutely, no matter the size of your company. As soon as you process personal data, i.e. data that (in)directly identify a natural person, e.g. name, bank account number, you are obliged to respect the privacy legislation. This is therefore necessarily the case for you.

What does the law say?

Personal data must be processed in a manner that ensures appropriate security of the data, including
protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.

So if you throw a sheet of paper containing the name of a customer or prospect into a waste paper basket, you run the risk that your document may be read.

What do I have to do?

Use a shredder to destroy and make illegible paper documents containing information relevant to data protection.

What are the risks?

A competitor can collect my clients’ information.
In the case of data leakage, my reputation and the image of my company may be tarnished.
Penalties: What kind of fines can organizations face for breaching the rules?
The maximum penalty is € 20 million or 4% of global turnover, whichever is higher