Companies Risk Fines by Failing to Destroy CVs

GDPR Fines

Companies Risk Fines by Failing to Destroy CVs

Under the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018, companies may be at risk of hefty fines by failing to destroy sensitive data contained within documents such as job applicants’ CVs and application forms.

Usually, CVs are printed prior to interviews. This, however, risks serious data breaches unless the documents are subsequently destroyed.

Businesses found to be in violation of the GDPR, (including not having a person’s consent to process their data), can be fined up to 4% of their annual turnover or £17.5 million, whichever is greater.

Jonathan Richardson, managing director at secure shredding specialist Russell Richardson, said: “Ahead of the enforcement of GDPR, […], many businesses are rightfully focusing on cleaning up their electronic databases to remove the risk of breaches.  But it’s equally important that they destroy hard copies of sensitive and personal data — a perfect example of which is printed CVs, which are often cast aside or disposed of insecurely after job interviews.”

Although in-house office shredders are common, many businesses are beginning to outsource the shredding of confidential and sensitive documents.

Jonathan added: “The size of the fines they [businesses] are avoiding by securely destroying confidential information far outweighs the cost of such services.”

“And while recruiters often tell unsuccessful candidates: ‘We’ll keep your details on file,’ in future they’d be wise to rephrase this message.”

Click the link below to find out more about the upcoming GDPR:

ICO – Guide to The General Data Protection Regulations