February 20, 2020

Boxing clever: storing paper records under GDPR

Late last year, the ICO prosecuted a London pharmacy for its poor paper record storage. We look at storing paper records under GDPR and offer top tips to small businesses to ensure you are compliant.

The pharmacy in question kept patient data at the back of its premises in old, unlocked crates. An estimated 500,000 documents were stored there, some of which were water-damaged because they weren’t protected from the weather. The company was fined £275,000 and received national press coverage for being the first company fined for breaching GDPR rules.

The documents were no longer needed but hadn’t been securely destroyed. They contained detailed medical information and the ICO determined that the company had failed to consider the risks of the data processing being carried out.

Top tips for better paper record storage

  1. Only keep what you need
    The company had over 2 years’ worth of records – and no written reason to keep them for that long. If you don’t need to hold on to sensitive paper records, then shred them as soon as you’ve finished with the documents.
  2. Store paper records safely
    The way the documents were stored was a huge concern to the ICO. Although the storage area had locked gates, the crates themselves were unlocked and not weather resistant. If these records were important, they should have been kept in a secure, dry place.
  3. Review your archives
    It’s easy for old document storage archives to build up. It can take extra work to review and dispose of older stuff you don’t need any more, and many of us have a ‘keep it just in case’ approach. Make sure you have a clear system that helps you to work out when to destroy older records. Your data retention policy should be clear on how long you’ll keep documents.
There are several other lessons from this fine, and the ICO has clearly stated it expects ‘special category’ data to be treated with the utmost care.

If you’re unsure about how you’re keeping old paper records, contact us and see how Astrid can help your small business.

Find out more about the ICO’s prosecution of a London pharmacy.


Emma Oram
Astrid Data Protection Ltd.
