UK businesses must conduct sensitive information audit before new GDPR legislation arrives

With the new General Data Protection Regulation (GDPR) coming into effect in May 2018, private information that isn’t destroyed correctly, or stored securely, could lead to UK businesses being fined a substantial £20million per breach.

With such huge financial penalties in play, it is vital that sensitive information audits are conducted by businesses who handle personal data.

A recent survey, conducted by office product specialist Fellowes, highlighted that employees are not taking data protection seriously despite the financial risks to their employers.

According to the study, 20 per cent of UK office workers never shred documents, with 40% of employees admitting they often throw client data straight into the bin.

A further 27 per cent of people admitted to having left confidential papers in fax machines, photocopiers and scanners. Whilst one in ten confessed to leaving confidential papers from meeting rooms or desktops.

Darryl Brunt, UK Sales and Marketing Director at Fellowes comments: “Despite the impending GDPR deadline, our research shows that many companies don’t appear to have systems and policies in place to protect sensitive information.”

He added: “It’s essential for businesses to have robust procedures in place to protect personal and confidential documents – including the secure shredding of obsolete sensitive paperwork.”

The statistics, which will concern employers across the UK, pose significant risks to client data breaches in an environment with a growing threat from fraud, misappropriation of confidential data and security leaks.

In the past year alone, there have been a number of cases were sensitive information has been found in public areas. For example, in October this year confidential child protection documents were found ‘blowing around’ a street in Leicester. There was also a case when private police documents were found in a park in Bath.

With new GDPR legislation looming, a sensitive information audit could prevent serious data breaches like these.



An audit should look at the best ways to manage records, protect sensitive information and destroy confidential documents. It also needs to assess the efficiency of your existing data protection protocols and identify any cost savings that can be made.

Simple steps to safeguard data ahead of new GDPR

Set up an audit team: Having a dedicated GDPR team within an organisation is something that some companies have already introduced. Bringing together heads of department can ensure new data policies trickle down to employees in different areas of the business

Train and re-train staff on data protection: Make sure all your employees are fully up-to-date with data protection laws ahead of new GDPR

Shred any documents you don’t need: Ensure all employees have access to shredders so all confidential paper waste – from sales figures to CVs – are destroyed properly

Add signs to common areas: Add signage to shared workspaces and send weekly update emails to remote-workers highlighting GDPR risk.

Don’t leave documents behind: Remember to check for any documents you might have left behind after working in public places.

Fellowes, which is celebrating 100 years in the office product industry, helps to protect customers and their clients with innovative office solutions including paper shredders, the first line of defense against data theft, as well as PrivaScreen™ blackout privacy filters which prevent prying eyes from reading your screen.

Find out more at http://www.fellowes.com/