Don’t forget your paper files
Many businesses focus their GDPR compliance on digital systems but forget that the law also applies to paper documents. A folder with employment contracts, a binder with customer data, a printout of a medical file - all fall under the GDPR.
And honestly: paper documents are often less well secured than digital ones. They sit on desks, in open cabinets, or in cardboard boxes in the attic.
Which paper documents contain personal data?
More than you think:
- Personnel files - employment contracts, payslips, sick notes, performance reviews
- Customer data - quotes, contracts, correspondence, order forms
- Financial documents - invoices with name/address, bank statements, tax returns
- Legal documents - court papers, complaints, evidence
- Medical data - patient files, prescriptions, absence records
Practical security measures
Storage
- Store documents with personal data in lockable cabinets or rooms
- Limit access to employees who need the data for their work
- Label cabinets or folders to clarify contents and who has access
Clean desk policy
- Don’t leave documents with personal data unattended on your desk
- File documents when you leave your workspace, even for a short break
- Don’t leave incoming post with personal data open on a shared reception desk
Destruction
- Use a paper shredder for documents whose retention period has expired
- Cross-cut shredders (DIN P-4 or higher) offer more security than strip-cut shredders
- For large volumes: engage a certified destruction company that provides a destruction certificate
- Also destroy copies, drafts, and sticky notes with personal data
Transport
- Transport paper documents in locked bags or folders
- Don’t leave folders unattended in your car
- Send documents with personal data by registered post or courier
Don’t forget to document
As with digital security, you must be able to demonstrate what measures you’ve taken. Record:
- Where paper documents are stored
- Who has access
- How and when they are destroyed
- Which retention periods you apply
GDPRWise helps you record all security measures, including for physical documents and files.