Privacy Compliance

Being aware of your legal obligations in regards to data management is critical for all businesses. At Shred Easy, we ensure that all data destruction and shredding is fully compliant with the Privacy Act 1988, as well as the European Union’s General Data Protection Regulations (GDPR).

The Australian Privacy Act 1988

All Australian businesses are required to comply with the Privacy Act 1988. The Act protects the privacy of individuals and dictates how their personal information is handled. The Act covers the collection, use, storage and disclosure of personal information.

The Privacy Act was amended recently to enhance the protection of privacy in Australia, with 13 Australian Privacy Principles (APPs) applied to all organisations with revenue greater than $3 million.

One of the key principles dictates that businesses must take reasonable steps to protect personal data from mis-use, including an obligation to destroy or de-identify data in some circumstances. This is where secure shredding and data destruction is critical.

The General Data Protection Regulations (GDPR)

GDPR is the European Union’s General Data Protection Regulation scheme. Many businesses operating in Australia may also be required to comply with the GDPR, with stringent expectations and obligations.

Generally speaking, if you have offices in the European Union or sell goods and services to EU and UK citizens, you may be subject to GDPR compliance obligations.

GDPR focuses on information that concerns an individual, so there’s some consistency with expectations under the Australian Privacy Act 1988. The requirement to obtain consent and permission to hold data, and to remove it upon request, are key components of the GDPR and relate to both printed and electronic data.

Data destruction policies

A clear data destruction policy can help ensure compliance under the Privacy Act and GDPR.  Effective policies generally include guidelines around placing confidential documents and data into secure containers and the process for collection and secure destruction of the contents.

A clear audit trail and evidence of secure destruction also help to demonstrate your compliance. At Shred Easy, we shred all documents on-site and destroy non-paper items, including technology, on the same day. A Certificate of Destruction is issued via email within 24 hours, demonstrating the secure destruction of all data. As a NAID AAA certified provider, you can have complete confidence that our systems are held to the highest standard and meet all your obligations.