This guide is for persons responsible for data protection within an organisation, in particular for persons handling and disposing personal data stored or captured on a physical medium. With a focus on personal data stored on paper, and shredding being used as a disposal method, this guide seeks to provide information on common topics related to disposal of personal data; good practices that organisations should undertake in disposal of personal data; examples of common mistakes that organisations and individuals may make in relation to the destruction of personal data; and information on considerations for out-sourcing disposal to third parties.
Click here to find out more.
Revisions to Guide (updated 14 September 2021)
The guide is supplemented with the new Guide to Data Protection Practices for ICT Systems, which includes handling and disposal of personal data on physical storage mediums such as computers, portable hard drives and other electronic devices. The new guide provides a compilation of data protection practices from past PDPC advisories and guides, and recommends basic and enhanced practices that organisations can incorporate into their ICT policies, systems and processes.
Access the new Guide here.