Case Study
At DGD Shredding & Technology, client confidentiality is not just a service; it's a principle we apply to everything we do, including how we talk about our work. All case studies are anonymised by design. Specific client names, locations, and personnel are withheld in line with our confidentiality policy. The details presented reflect real engagements, accurately described. "We make it our business to make sure no one knows yours!"
Executive Summary: Secure Managed Shredding at Scale
- Client Sector: Public Sector / Local Government (Ireland)
- Locations Managed: 33 Regional Sites
- Population Served: 360,000+ Residents
- Service Solution: Managed Off-Site Document Destruction & Secure Console Systems
- Compliance Standards: EN15713 (Security), ISO 9001, ISO 14001, GDPR
- Key Outcome: Transitioned from high-risk in-house shredding to a 100% audited, OGP-vetted secure chain of custody.
The Challenge
Irish local authorities handle some of the most sensitive personal data in public life: planning applications, social welfare records, HR files, and correspondence from members of the public. For one large Irish county council, serving a population of 360,000+, that data was being handled inconsistently across 33 separate locations, from administrative offices to depots and community facilities.
The council’s Data Protection Officer identified three specific vulnerabilities during an internal review ahead of the GDPR enforcement period:
Reliance on in-house shredders
Staff across multiple departments were using desktop and office shredders on an ad hoc basis. Beyond being time-consuming and costly in terms of staff hours and machine maintenance, in-house shredding produces no chain of custody and no Certificate of Destruction, leaving the council unable to demonstrate GDPR compliance in the event of a Data Protection Commission inquiry.
Fragmented contractor arrangements
The council had been using different shredding contractors on a location-by-location basis, with no consistent SLA, no unified reporting, and no standardised security protocols. This created compliance gaps between sites.
Unsecured interim document storage
Confidential documents were being accumulated in open bags at desks and in communal areas accessible to any member of staff or visitor before being disposed of. This represented a clear and ongoing data breach risk under GDPR Article 5(1)(f), which requires appropriate security of personal data.
The DPO’s conclusion was clear: the council needed a single, auditable, organisation-wide solution before the risk became a liability.
Why DGD Shredding & Technology?
Before committing, the council’s procurement team conducted due diligence, including a supervised visit to DGD Shredding & Technology’s destruction facility in Raheen Business Park, Limerick. The visit allowed them to observe the full destruction process first-hand from secure vehicle collection through to industrial shredding and the issuance of a Certificate of Destruction.
DGD Shredding & Technology’s status as an approved contractor under the Office of Government Procurement (OGP) framework simplified the procurement process, removing the need for a full tender and giving the council the assurance of pre-assessed value and compliance standards.
DGD also holds the following accreditations relevant to this engagement:
- EN15713: the European standard for secure destruction of confidential material
- ISO 9001: Quality Management
- ISO 14001: Environmental Management
- iSIGMA membership
The Solution
DGD Shredding & Technology designed and implemented a fully managed confidential shredding programme across all 33 council locations. The solution was built around six principles: security at the point of storage, consistency of collection, auditability at every stage, and minimal burden on council staff.
- Secure console deployment
Lockable, tamper-evident consoles were installed at each location, replacing the open bags previously in use. Each console is barcoded with a unique identifier, allowing precise tracking throughout the chain of custody. Documents are secured from the moment they leave a desk. - Scheduled collection programme
DGD operates on a regular, pre-agreed collection schedule across all 33 sites, with Garda-vetted drivers and tracked vehicles. Confidential material is not held on-site beyond what the schedule requires, minimising exposure risk. - Certificate of Destruction
A certificate is issued for every collection, providing the council with documented evidence of secure disposal. This satisfies the GDPR requirement for data controllers to demonstrate accountability under Article 5(2) and supports audit readiness. - Data Processing Agreement
DGD operates under a signed Data Processing Agreement with the council, fulfilling the GDPR obligation for a formal contract between data controller and data processor (Article 28). The agreement can be activated under the OGP notification framework. - Monthly reporting
The council receives a monthly report detailing all collections across every site, service dates, locations, volumes, and destruction confirmation, giving the DPO a single document for compliance oversight. - Sustainability
100% of shredded paper processed by DGD is recycled into new paper products, supporting the council’s sustainability obligations. DGD Shredding & Technology was named Green Business of the Year and Green Small Organisation of the Year at the 2024 Green Awards credentials that aligned with the council’s own environmental commitments.
The Outcome
Since the programme was introduced, the council has:
- Eliminated the data breach risk posed by unsecured interim document storage
- Established a single, documented chain of custody across all 33 locations
- Achieved GDPR auditability through monthly reporting and Certificates of Destruction
- Reduced costs associated with in-house shredder maintenance and staff time
- Aligned its waste paper disposal with its sustainability and circular economy targets
“Public sector bodies handle the most sensitive data in the country. Relying on in-house shredding or unsealed bags is a high-risk strategy in the GDPR era. Our managed service doesn't just 'destroy paper'; it provides a legal shield and a verifiable audit trail that protects both the organisation and the communities they serve.”
What This Means for Other Local Authorities
If your local authority is managing data disposal across multiple sites, whether through in-house shredders, ad hoc contractors, or no formal system at all, you are likely exposed to the same risks this council faced before engaging DGD.
DGD Shredding is an approved OGP supplier, which means procurement is straightforward for any public body. We provide a full consultation, a site assessment, and a service design tailored to the size and geography of your organisation.
Contact us today: 1800 491 333 | sales@dgdshredding.ie | dgdshredding.ie | dgdtechnology.ie
FAQs
Every location is equipped with lockable, barcoded consoles that secure documents from the point of disposal. Collections are carried out by Garda-vetted drivers in tracked vehicles. All material is transported to our monitored destruction facility in Raheen Business Park, Limerick, where it is shredded in accordance with EN15713 — the European standard for secure destruction of confidential material. A Certificate of Destruction is issued for every collection across every site.
Yes. DGD Shredding & Technology is a registered provider under the Office of Government Procurement (OGP) framework. This means local authorities can engage our services directly without running a separate tender process, streamlining procurement while meeting public sector compliance requirements.
GDPR requires data controllers to implement appropriate technical and organisational measures to secure personal data (Article 5(1)(f)) and to demonstrate accountability for how that data is managed (Article 5(2)). DGD’s service addresses both: locked consoles and chain-of-custody protocols manage the security requirement, while monthly reports, Certificates of Destruction, and a signed Data Processing Agreement (Article 28) provide the documented evidence trail needed for audit readiness.
100% of shredded paper processed by DGD is recycled into new paper products. This supports Irish local authorities in meeting their sustainability targets and circular economy reporting obligations. DGD Shredding was named Green Business of the Year at the 2025 Green Awards and Green Small Organisation of the Year in 2024, reflecting our ongoing commitment to environmentally responsible destruction.
Yes. DGD Shredding operates nationwide across the Republic of Ireland and Northern Ireland. We have experience managing multi-site programmes for large county councils and can design a collection schedule tailored to the size, geography, and operational requirements of any local authority.
We supply a range of lockable, tamper-evident receptacles depending on the volume and type of material at each location — including standard consoles, 240-litre and 1,100-litre wheelie bins, secure crates, and IT media wheelie bins for hard drives and digital storage devices. Our team will assess each site and recommend the most appropriate solution.
EN15713 is the European standard that governs the secure destruction of confidential material. It sets requirements for the collection, transport, and destruction of sensitive documents, and mandates that service providers issue a Certificate of Destruction for every job. For local authorities, working with an EN15713-certified provider is one of the clearest ways to demonstrate due diligence to the Data Protection Commission.
