GDPR and Your Responsibilities
You may have heard of the new piece of legislation coming into play in May 2018, GDPR (General Data Protection Regulations).
The EU-driven version of the Data Protection Act will be here before we know it, and it will affect the majority, if not all, of businesses. Complying with GDPR should be at the top of your priority list, and when it comes to IT asset disposal, it is vital that you know what to do.
Got any unwanted or redundant IT equipment? Keep reading to find out what you should be doing once GDPR comes into effect.
What is the Purpose of GDPR?
The primary objective of the GDPR is to give citizens more control over their own personal data. It also aims to simplify the regulatory environment for international business by unifying the regulations within the EU. It means that all organisations will face the challenges of compliance and, given the significantly hefty fines, this new regulation deserves close attention. The penalties for a data breach are currently set at around £0.5M but can be as high as 20M or 4% of a company’s annual turnover, whichever is highest.
What Needs to Be Disposed Of?
Most businesses may think that GDPR only refers to personal data, perhaps used for sales or marketing purposes; however, the definition extends wider than that. In fact, a major part of the new regulations covers the erasure and destruction of personal data, including data held on unwanted or redundant IT equipment: everything from PCs to laptops, mobile phones, servers and even printers. Anything which could have personal data stored on it needs to be disposed of properly.
Who Does This Responsibility Lie With?
Typically, the disposal of redundant ICT equipment sits with the IT manager or head of company. They will usually be tasked with implementing effective network protection to make sure that no data can be externally accessed. With the change in procedures and the coming of GDPR, we are expecting to see a shift in behaviour for many businesses: a greater focus on data protection through the entire lifecycle of equipment, from point of purchase to its redundancy.
The disposal of data-bearing assets will no longer be mainly a matter of space and inconvenience. The mind-set of an organisation will need to change to understand the threat of data breaches, from cradle to grave.
Compliant, safe, and secure disposal will become a vital part of the equipment’s life, until it has been certified as data safe.
Even storing redundant equipment can pose legal concerns under the new regulation.
What Can You Do?
- Audit your redundant assets
- Include redundant IT assets in your data protection policies and procedures
- Create a specific policy for redundant IT
- Consider wiping all redundant assets immediately
- Inform your staff of the changes
- Don’t wait until May to rush and be compliant at the last minute
- Get in touch with an expert to help you
Here at ICT Reverse, we are experts in data erasure, transfer, shredding and destruction as well as collections and audits. If you would like further information on how we can help you become compliant with GDPR before the time is up, simply get in touch with our team.