Transparency: The GDPR calls for mandatory record keeping; plus, data protection authorities can review a company’s privacy policies
at any time. Paper Mountain has a comprehensive information security policy that outlines data management and safeguarding procedures.
Leadership: Organisations with more than 250 employees will have to appoint a Data Protection Officer. But experts recommend that
every company have a data protection officer. “With today’s technology, there are many organisations with fewer than 10 employees that process the personal data of thousands of people and
have a much higher risk than many larger organisations,” said a privacy lawyer in a computer weekly post. Paper Mountain has an appointed DPO.
‘Right to be Forgotten’: Personal information cannot be held for any longer than necessary and only for the purpose it was originally
collected for, making secure destruction of personal information critical. Paper Mountain are a reliable document destruction company that provides secure destruction services for
paper documents, hard drives and electronic media, and issues a Certificate of Destruction after every destruction.
Notification: Data breaches will have to be reported within 72 hours of discovery.
(Paper Mountain has never had a Data Breach)
Privacy by Design: The GDPR calls for appropriate technical and organisational measures to protect personal data against unlawful
processing. Automated processes (flagging data for destruction, for example) are key, but a protected workplace can also guard confidential information with embedded safeguarding processes such as a
clean desk policy, staff training and training records, and not sub-contracting.
Training: Paper Mountain promoted awareness raising and training of staff involved in the processing operations. Provide ongoing
training, and implement a culture of security from the top down to protect our clients information from start to finish.
To Download Paper Mountain's GDPR policy please click below.