Struggling with GDPR compliance? Don't waste money on legal advice: Buy a shredder
Oh, and this visitor book. How about a £60 cardboard bin?
There is, it seems, no deterring the General Data Protection Regulation snake-oil sellers, who will happily stick "GDPR compliant" onto whatever they have to hand – including shredders, bins and visitor books.
Before the regulation came into force last May, there were software vendors aplenty touting their wares – but things quickly moved offline.
Take this Amazon listing for a shredder: "THIS MICRO CUT GDPR COMPLIANT PAPER SHREDDER WILL SHRED 6-8 A4 SHEETS OF PAPER IN ONE GO!" the ad screams.
However, beyond a note in the "special features" section saying it is "GDPR compliant", the company, Duronic, failed to offer any more details on what exactly makes it compliant.
Under the terms of the GDPR, organisations might have to comply with requests for data erasure and shouldn't hang on to data longer than necessary – and it's true that some shredders won't rip up certain documents, or do it well enough to properly destroy sensitive data.
For that reason, there is an international standard for shredder security, DIN classifications, that are based on the size of the strips left over.
However, Duronic's "GDPR compliant" paper-muncher doesn't offer any information on its DIN classification level, which might have been more useful but wouldn't serve to exploit people's fears about EU red tape or big bad data protection agencies poised to hand out mega-fines.
The shredder ad, spotted by Which? hack Andrew Laughlin and posted on Twitter, was quickly met with suggestions for other possible GDPR-compliant items.
And I have some GDPR compliant sellotape to help theshredser users piece back together all of the data they unlawfully shredded before its retention period had elapsed— Miss IG Geek (@MissIG_Geek) January 21, 2019
Although El Reg hasn't found any GDPR-compliant tape, we did spot this Amazon listing that described a filing cabinet as a "lockable secure GDPR unit".
Other firms trying to get in on the GDPR panic are Acorn and OfficeForce, which flog pricey cardboard bins.
The latter firm is hawking a pack of three (yes, just three) twin "GDPR waste" recycling bins for £56.
The "bins" – which are, apparently, "ideal for GDPR Waste Paper Separation whilst sat at your desk" – look suspiciously like normal box files, only with "recycling" logos on one and "confidential" on the other.
"Really good visitor book which hides the names of visitors! So we are GDPR compliant now!" wrote one elated customer (who was definitely a real person) of the "GDPR-compliant" visitor book.
However, it will come as no surprise to readers that not everyone was quite so convinced.
"Assuming this isn't a joke, if you think this is GDPR compliant I have a case of snake oil to sell you," one commentator observed.
"Hats off to the seller for jumping on the bandwagon, identifying and capitalizing on the general ignorance of many businesses." ®
Sponsored: Becoming a Pragmatic Security Leader