The DPA & Your Responsibilities
If you handle personal information about individuals, you have a number of legal obligations to protect that information under the Data Protection Act 1998.
The Data Protection Act 1998 (DPA) is an Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Anyone holding personal data is legally obliged to comply with this Act.
Principle 5 of the act confirms that personal data must not be held longer than necessary.
Data on paper must be shredded, not binned. It is not sufficient for paper to simply be ripped in half and thrown into a bin and having this put into a landfill. To fully comply with the Data Protection Act, you must have a written contract with a company capable of handling your confidential waste, which can provide a guarantee that all aspects of collection and destruction are carried out in a secure and compliant manner. In practice this means that you should choose a supplier which complies with the new European Standard BS EN15713:2009 for security shredding and also the BS7858 standard for staff vetting.