Transparency: The GDPR calls for mandatory record keeping; plus, data
protection authorities can review a company’s privacy policies at any time. Paper Mountain has a comprehensive information security policy that outlines data management and
Leadership: Organisations with more than 250 employees will have to
appoint a Data Protection Officer. But experts recommend that every company have a data protection officer. “With today’s technology, there are many organisations with fewer than 10 employees that
process the personal data of thousands of people and have a much higher risk than many larger organisations,” said a privacy lawyer in a computer weekly post. Paper Mountain has an
‘Right to be Forgotten’: Personal information cannot be held for any
longer than necessary and only for the purpose it was originally collected for, making secure destruction of personal information critical. Paper Mountain are a reliable document destruction
company that provides secure destruction services for paper documents, hard drives and electronic media, and issues a Certificate of Destruction after every destruction.
Notification:Data breaches will have to be reported within 72 hours
(Paper Mountain has never had a Data Breach)
Privacy by Design:The GDPR calls for appropriate technical and organisational measures to protect personal data against unlawful processing. Automated processes
(flagging data for destruction, for example) are key, but a protected workplace can also guard confidential information with embedded safeguarding processes such as a clean desk policy, staff
training and training records, and not sub-contracting.
Training: Paper Mountain promoted awareness raising and training of
staff involved in the processing operations. Provide ongoing training, and implement a culture of security from the top down to protect our clients information from start to
To Download Paper Mountain's GDPR policy please click below.
Paper Mountain GDPR Policy GDPR.png Portable network image format [1.6 MB]