How does GDPR affect the retention and disposal of paper documents?

We often forget that it is not only electronic data that needs to be protected. The ones we print out on paper are at the same risk. So how do we approach this issue?


It's been almost a quarter of a year since the GDPR appeared with its finger raised warningly above us. Most companies take data protection for granted and have essentially needed no change in the form of amended legislation to do so. What is often forgotten, however, is that data leaks are not only a danger with digital documents, but paper documents also need to be guarded against.

The UK's Data Protection Authority has had hundreds and hundreds of data breaches and through this they have highlighted a very interesting fact - a full 40% of cases involved paper documentation. Most of the misconduct was due to the loss or theft of paper documents, but it has also been shown that companies are not storing and disposing of these documents correctly.

The GDPR requires companies to comply with security measures not only for electronic documents but also for hard copy ones. It is therefore essential to comply with the rules for their archiving and shredding. There is a so-called storage limitation principle and this requires that processed personal data is kept only for the necessary time required for the purposes of the processing. After this period, any paper document containing personal data must be shredded. When you dispose of paper documents, be sure to make sure that you choose a machine that will actually shred the material to meet the classification level.

Do you work with paper documents in addition to digital documents? Are you unsure if you are storing and disposing of these documents properly? Please do not hesitate to contact us, we will be happy to discuss everything with you.