Businesses failing to manage sensitive data

Businesses Failing to Manage Sensitive Data despite GDPR Coming Soon

A recent survey of SMEs found that almost a third of businesses are failing to destroy sensitive data despite new data security laws coming into place in just a few months.

This new research was conducted by secure shredding specialist Russell Richardson, who asked 500 SMEs “Do you shred printed documents/data in the workplace?”

44.2% said they only shred what they see as personal data. However, 3.8% said they only destroyed documents containing personal data about employees.

Only 16.4% said that they shredded all documents in their possession. This is worrying for the remaining respondents who are failing to shred all their documents in light of the new General Data Protection Regulation (GDPR) coming in May. 

What is GDPR?

GDPR will replace the Data Protection Act 1998 in May this year. Under GDPR, personal data “shall not be kept for longer than is necessary” and businesses must destroy such information in a secure way.

At the moment, the UK’s Information Commissioner’s Office (ICO) can fine up to £500,000 for failure to comply with data protection laws. However, the new GDPR rules will allow them to fine a company up to £17.5 million (€20 million) or 4% of the business’s annual turnover, depending on which is more.

Jonathan Richardson, managing director at Russell Richardson said: “We are all aware of online confidentiality; however, in many offices the same diligence isn’t applied to hard copies of documents.

“Paper-based data poses just as much of a security risk as digital data, but it can be permanently destroyed by means of shredding.”

Richardson also says: “In light of the imminent GDPR it is imperative that companies take the safe disposal of documents seriously, otherwise the consequences could be extremely detrimental to their business.”

With this in mind it could be time for your business to invest in a good shredder as the risks of not complying with GDPR are simply not worth it. Make sure you’re telling all your staff about the new rules way ahead of time so everyone has time to get ready.


Are you GDPR ready at your company? For more information you can take a look at this guide from the Information Commissioner’s Office. Please leave any thoughts or questions in the comments.