What should be shredded in the workplace?
As the nation returns to work, things are going to be different. Habits will have changed. Previously furloughed staff will be adjusting to working again; home workers may be preparing for transferring back to the office, and new data will have been collected over recent months that may not have been dealt with as it was before lockdown.
Add to that the implementation of Track & Trace into a wide range of businesses, suddenly there is a lot more personal detail potentially being held by your company. Here’s a timely reminder of documents you should be sorting for shredding:
Personal data could be any information that identifies an individual, whether they are a customer, client, employee or associate. Anything that can identify someone fits in this category, including photos, names, addresses, phone numbers, transactions or social media activity.
Information that could be used for crime
Shredding personal data is also important in the fight against crime. Fraudsters can use people’s personal details to open bank accounts, take out credit cards, loans or benefits, order goods under a stolen identity or get a passport or driving licence.
Every country has its own legal requirements on how long contracts, business agreements and similar documents must be stored. In the UK this is usually a period of six years beyond the length of the contract. Although destruction timings should always be checked carefully, documents like these should be safely shredded at the right time.
If you have documents that do not directly relate to company information or accounts, which don’t need to be kept, check when these can be destroyed. These could include receipts, deposit slips and bank statements. It may be the case that once these documents have been used to reconcile accounts or expense claims, they can be shredded.
The GDPR requires human resources (HR) departments to demonstrate why they are keeping data on employees, past and present. If applicable, it expects them to justify why they’re keeping any data beyond the required retention period.
HR data should be regularly checked, and employee consent sought if any needs to be kept longer than usual. Once data has reached its legal expiry date, it must be shredded.