Case Study
DGD Shredding helped a local Authority in Ireland implement a secure shredding system across 33 locations which includes all sites in their organisation.
Background on council
Local authorities are responsible for local government in their county, and populations can vary between 25,000 to 360,000 in larger areas. Local Authority’s mission would be to make their local area the best possible place for all its people and for those that wish to live, visit, work or invest there.
We were approached by this government agency to provide a high security shredding solution for their requirements. To stay one step ahead of the new GDPR legislation, the data protection officer of the Council determined that the organisation needed to review their current data destruction policies.
Several issues were presented with their current shredding option which they wanted to change. These included:
- The use of in house shredders, this proved to be time consuming, costly and onerous on personnel. Also, with the use of in house shredders, there is not a provision of a certification of destruction.
- Consistency of service, they had previously been using different shredding contractors on an ad hoc basis.
- The receptacles they were using were bags that were left at various desks which were being filled over time. This exposed risk as anyone could access the data in the bags and they were not in a sealed environment.
GDPR – Legislation
The Data protection officer knew that the organisation would be at risk of a breach with their current system, to fulfil their due diligence a site visit to DGD Shredding’s destruction centre was arranged to see the process of offsite shredding. GDPR states explicitly that organisations hold responsibility of their whole data supply chain. Therefore, it is vital that the correct processes are in place to mitigate any potential risks of a data breach.
New data protection legislation paces full responsibility on the data controller Testimonials were given also.
The Solution
- The provision of a fully managed confidential shredding service with secure lockable consoles across the whole organisation to store the confidential data prior to destruction.
- These consoles are barcoded with a unique identification number and are serviced on a regular schedule, it is an autonomous easy to use efficient service that requires little effort from personnel.
- The confidential data is not held for any longer than is necessary
- Strong chain of custody are in place by the service provider DGD Shredding and all procedures in accordance with EN15713 code of shredding practice.
- Prevents any risk of a data breach as the data is in a locked and sealed in an environment prior to destruction
- The provision of the certificate of destruction substantiates the whole process which helps with the Council be compliant under the GDPR Legislation.
- The provision of a service level agreement, under the GDPR legislation their must be a signed agreement between a data processor and a data controller. This can be signed as a notification to activate services form under the OGP.
- Monthly report with a detail of the service carried out. This would also be detailed in the certificate of destruction.
- The local authority were now able to demonstrate compliance with GDPR having introduced good keeping practice with the provision of DGD Shredding services
- Cost savings were apparent due to the organisation not having to spend large fees on maintenance costs for large in house shredders.
- DGD Shredding are currently the only successful contractor for the provision of confidential shredding under the office of government procurement.
- As DGD Shredding will achieve carbon status by the end of 2023, this local authority are choosing am environmentally friendly sustainable solution for their destruction needs.
