GDPR (General Data Protection Regulations) – What you need to know! – DOWNLOAD BROCHURE

The law – which comes into effect in May 2018 – will also offer more power to citizens, in regards to what companies can do with their private data.

While the new law will be beneficial on all sides, the GDPR has ostensibly been designed to protect consumers. These regulations are designed to protect customer data in the new digital environment, where companies such as Facebook and Google share the personal data of account holders in exchange for site access and features. GDPR seeks to return more control of the situation back to the user. This could make EU users less wary of sharing information on such platforms and GDPR should establish clear rules under which businesses can operate regards to the handling of customer data. With these new rules the boundaries should be easier to understand on both the corporate and consumer end, which should be easier for businesses to earn and hold the trust of customers.


The two parties in the realms of Data Security are “The Controllers” and “The Processors” of digital information. The Controllers are the entities that determine the methods and reasons for the processing of user’s data; i.e. any organisation – be it a company, a charity or a government entity. The Processors are the IT firms that actually, handle the technical function through which the data can be processed.

GDPR will affect all controllers and processors that handle the personal data of EU residents, regardless of whether the controlling or processing parties are based in Europe or abroad. As such the new law affects all online businesses and platforms that accept customers or members. The balancing act between controllers and processors works as follows:

  • Controllers must ensure that their processors function in accordance with the new regulations
  • Processors must make sure that their activities abide to the new law and maintain applicable records

Processors holds full and even partial responsibility for a data breach, and will be penalised much more strictly under this regulation than the pre-existing Data Protection Act. The actual source of a breach won’t even matter under the new law, as the processor will bear most of the blame.


From the 25th May 2018 controllers will be required to be completely transparent with the processing of EU user data for specific purposes. Once the purpose is completed and the controlling / processing entities have no lawful need for the data given by the user it must be deleted. Personal data therefore should no longer be stored idly and indefinitely on servers that could be hacked at any time.


For personal data of EU residents to be processed under GDPR, at least one of the following must apply:

  • Compliance with a legal contract
  • The protection of an interest deemed essential to the life of the individual
  • The processing of data within the interest of the public
  • The prevention of fraud

Important Note: If a person has consented that their personal data can be used this will be deemed lawful

What can HIGHLANDER do to ensure YOUR data destruction procedures meet GDPR requirements?

1 – We will ALWAYS collect and destroy your old documents to EN15713 standards

4 – We will ALWAYS offer customers the chance to view the materials being destroyed

7 – We will ALWAYS shred your material within 24 hours of receipt at our destruction centre

2 – Our staff will ALWAYS be background checked to BS7858 standards

5 – We will ALWAYS be on hand to offer advice and guidance on GDPR requirements

8 – We will ALWAYS provide a competitively priced service, removing the worry about shredding costs

3 – Our secure collection options will ALWAYS meet your GDPR requirements

6 – We will ALWAYS provide a secure storage and collection solution for your old documents

9 – Our unrivalled service will ALWAYS mean your documents NEVER come back to bit you!

We advise all customers that by holding information and confidential data for too long, you are potentially exposing yourselves to unnecessary scrutiny, potential breaches of the GDPR Regs and potential fines of up to £17M or 4% of the companies worldwide annual turnover PLUS individuals are now also able to claim for compensation if they fall victim to a company, or organisation not complying with the GDPR! Don’t take ANY chances with your records – Our security shredding service is proven to be “More destructive than a Great White!” so your documents will “NEVER come back to BITE you!”

At Highlander we STRONGLY encourage people to shred old documents as soon as they become redundant, rather than unnecessarily retaining them – or simply put for your old documents “Once they’re dead, it’s time to shred!”

Please do not hesitate to contact is for more information – speak to one of our shredding experts NOW at 01355 241088 or at – we look forward to hearing from you!