The EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018, replacing the EU Data Protection Directive 1995.
The regulation applies to all organisations that handle, store, or process the personal data of EU citizens and has a substantial impact on ITAD professionals worldwide.
After the initial flurry of activity from business after the regulations came into force – and an extensive learning programme – a number of organisations across all sectors are looking for reminders about what GDPR means and how it can have a major effect on organisations.
What is GDPR?
The General Data Protection Regulation (GDPR) applies to any company that deals with or processes personal data including the way they dispose of data-bearing IT devices.
The “right to be forgotten” gives clients the right to have their data erased. It cannot be disseminated or processed by third parties, even due to negligence, which is why your IT asset disposal partner is so heavily affected by this regulation. Data protection officers are mandatory for businesses whose primary operation entails processing data on a large scale.
Privacy-friendly strategies must be implemented through tools such as encryption, data wipes, and anonymising data. Non compliance can result in heavy penalties of up to 4% of your annual global turnover or £20 million.
IT Recycling Under GDPR
IT asset disposition (ITAD) professionals must meet a range of technological requirements as GDPR compliance remains vital. Under the new law, personal data must be erased, while unwanted or redundant IT equipment must be adequately destroyed, regardless of the device. Data-bearing assets need to be managed according to the risk of both external and internal data breaches. That means effective network protection must be supplied as well.
Businesses can no longer handle IT equipment according to space requirements or convenience alone. Compliance must come first. Redundant assets should thus be audited and included in data protection strategies. It’s best to create a detailed IT redundancy policy that involves immediate wiping of redundant devices. Shredding, transfers, and erasure should be used to achieve compliance.
ITAD providers have the technical and organisational processes in place to give data subjects complete security. ISO 27001 accreditation tells you that your operator fulfils the policy framework and procedures involved in information security management, and while the most recent version was published in 2013.
How ICT Reverse can help
No business can afford to risk non compliance, so ICT Reverse Asset management offers comprehensive eradication processes that keep your recycling process secure. We don’t see disposal as a one-dimensional process, but rather one that must be sustainable, professional, and environmentally friendly.
It is more important than ever to protect yourself from a data breach at every stage of the data handling journey – even for end-of-life data and IT assets.
Data shredding provides privacy and peace of mind. With help from the data shredding service experts here at ICT Reverse, you can prevent your business’ data from falling into the wrong hands, protecting yourself and your customers from fraud, litigation, and reputational damage.
Do you have a stockpile of old hard drives you no longer need – such as hard disk drives (HDDs), solid state drives (SSDs), or linear tape-open (LTO) data tapes? Our data shredding experts will dispose of them securely and responsibly in line with all relevant data protection legislation and industry certifications. What’s more, thanks to our sustainable approach, zero waste will be sent to landfill.
Guarantee the security of your company data with data shredding services from ICT Reverse. Contact us today to arrange the unrecoverable destruction of your data.
To find out more about how ICT Reverse can assist in ensuring you remain GDPR compliant for IT asset disposals contact us today on 01524 580900 or alternatively via www.ictreverse.com