Transparency: The GDPR calls for mandatory record keeping; plus, data
protection authorities can review a company’s privacy policies at any time. Paper Mountain has a comprehensive information security policy that outlines data management and
safeguarding procedures.
Leadership: Organisations with more than 250 employees will have to
appoint a Data Protection Officer. But experts recommend that every company have a data protection officer. “With today’s technology, there are many organisations with fewer than 10 employees that
process the personal data of thousands of people and have a much higher risk than many larger organisations,” said a privacy lawyer in a computer weekly post. Paper Mountain has an
appointed DPO.
‘Right to be Forgotten’: Personal information cannot be held for any
longer than necessary and only for the purpose it was originally collected for, making secure destruction of personal information critical. Paper Mountain are a reliable document destruction
company that provides secure destruction services for paper documents, hard drives and electronic media, and issues a Certificate of Destruction after every destruction.
Notification:Data breaches will have to be reported within 72 hours
of discovery.
(Paper Mountain has never had a Data Breach)
Privacy by Design:The GDPR calls for appropriate technical and organisational measures to protect personal data against unlawful processing. Automated processes
(flagging data for destruction, for example) are key, but a protected workplace can also guard confidential information with embedded safeguarding processes such as a clean desk policy, staff
training and training records, and not sub-contracting.
Training: Paper Mountain promoted awareness raising and training of
staff involved in the processing operations. Provide ongoing training, and implement a culture of security from the top down to protect our clients information from start to
finish.
To Download Paper Mountain's GDPR policy please click below.