by GDPR Associates | 22nd March 2019 11:20 am
There is, it seems, no deterring the General Data Protection Regulation snake-oil sellers, who will happily stick “GDPR compliant” onto whatever they have to hand – including shredders, bins and visitor books.
As Google has recently learned, failing to meet the requirements of the GDPR can be costly – so it’s no surprise companies have tried to cash in on compliance.
Before the regulation came into force last May, there were software vendors aplenty touting their wares – but things quickly moved offline.
Take this Amazon listing for a shredder: “THIS MICRO CUT GDPR COMPLIANT PAPER SHREDDER WILL SHRED 6-8 A4 SHEETS OF PAPER IN ONE GO!” the ad screams.
However, beyond a note in the “special features” section saying it is “GDPR compliant”, the company, Duronic, failed to offer any more details on what exactly makes it compliant.
Under the terms of the GDPR, organisations might have to comply with requests for data erasure and shouldn’t hang on to data longer than necessary – and it’s true that some shredders won’t rip up certain documents, or do it well enough to properly destroy sensitive data.
For that reason, there is an international standard for shredder security, DIN classifications, that are based on the size of the strips left over.
However, Duronic’s “GDPR compliant” paper-muncher doesn’t offer any information on its DIN classification level, which might have been more useful but wouldn’t serve to exploit people’s fears about EU red tape or big bad data protection agencies poised to hand out mega-fines.
The shredder ad, spotted by Which? hack Andrew Laughlin and posted on Twitter, was quickly met with suggestions for other possible GDPR-compliant items.
Although El Reg hasn’t found any GDPR-compliant tape, we did spot this Amazon listing that described a filing cabinet as a “lockable secure GDPR unit”.
Other firms trying to get in on the GDPR panic are Acorn and OfficeForce, which flog pricey cardboard bins.
The latter firm is hawking a pack of three (yes, just three) twin “GDPR waste” recycling bins for £56.
The “bins” – which are, apparently, “ideal for GDPR Waste Paper Separation whilst sat at your desk” – look suspiciously like normal box files, only with “recycling” logos on one and “confidential” on the other.
Further GDPR-compliant items include beauty client record cards that come with a pre-printed blurb about data retention and use, and a multitude of visitor books and badges.
“Really good visitor book which hides the names of visitors! So we are GDPR compliant now!” wrote one elated customer (who was definitely a real person) of the “GDPR-compliant” visitor book.
However, it will come as no surprise to readers that not everyone was quite so convinced.
“Assuming this isn’t a joke, if you think this is GDPR compliant I have a case of snake oil to sell you,” one commentator observed.
“Hats off to the seller for jumping on the bandwagon, identifying and capitalizing on the general ignorance of many businesses.”
The original article (and image) was originally posted here: https://www.theregister.co.uk/2019/01/22/gdpr_compliant_shredder_book/
Source URL: https://www.gdpr.associates/struggling-with-gdpr-compliance-dont-waste-money-on-legal-advice-buy-a-shredder/
Copyright ©2020 GDPR Associates unless otherwise noted.