EOL IT Services has now merged with tier1 Asset Management Ltd

What the GDPR means for IT Disposal

by | Sep 19, 2017 | IT Security, News

The GDPR, or General Data Protection Regulation, will come into force in May 2018. The regulation, set by European Parliament, intends to strengthen and unify data protection regulations across the EU. Much of what the new regulation legislates for is covered by the UK’s current Data Protection Act, but there are some important elements you need to be aware of when it comes to disposing of your business’s data and IT assets.

Under the new regulations, any business that falls victim to a data breach only has 72 hours to report it, and if they are found to be in breach of the GDPR guidelines, they could be fined 4% of the business’ annual turnover or €20 million (whichever is greater). Clearly it’s crucial that your business is fully compliant with the GDPR, and in our latest blog we take a look at some of the most important elements you need to be aware of before the regulations come into effect next year.

Controllers and Processors are Responsible

Whereas under the UK’s current Data Protection Act it is simply the data controllers that are responsible for the secure disposal of IT assets, the new GDPR states that data processors will be held responsible too. This means that controllers must appoint an experienced and credible data processor to deal with their ITAD needs and both parties will be accountable to each other during the process.

Contracted Data Disposal and Processing

When employing an ITAD company to dispose of your data and equipment, both parties must sign a contract agreeing that all data processing activities will comply with both the controller’s own specific requirements and the new regulations set out by the General Data Protection Regulation. The contract must detail the duration, purpose and nature of the data processing, as well as the type of data processed, and the rights and responsibilities of the controller during the process, and both parties must act within the agreement set out in this regulation.

Personal Data Must be Traceable From Start to Finish

However and wherever the personal data that your business uses is stored will need to be recorded from the start to the end of its life, regardless of the size or nature of your business. In these records, you must cover what personal data is being stored and what it is used for, as well as proof of consent to use the data. You will also need to prove how the data is being protected and where it goes when you no longer need it. Remember that under the new regulation, personal data covers a plethora of different pieces of data, ranging from names and images to IP addresses and medical information.

Disposal Must Be Fully Auditable

In order to demonstrate complete regulation compliance, you must be able to audit the data trail. Your IT assets for disposal should be collected in a GPS tracked vehicle and stored in secure and licensed facilities that use NCSC (https://www.ncsc.gov.uk/) approved data erasure software or physical destruction methods appropriate for the data bearing media. You should be able to track precisely what data was erased/destroyed and by whom. This helps to ensure complete accountability for data throughout the process.

Not only is GDPR compliance crucial to protect your clients’ data, failure to do so could actually place your entire company at risk. This means that it is more important than ever to protect yourself from a data breach at every stage of the data handling journey – even for end of life data and IT assets.

With over 25 years industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibility and legally.

Contact us today on 0161 777 1000 or visit https://www.tier1.com to find out how we can help you dispose of your data safely and reliably.

Recent Stories

Does AI Fight or Facilitate Cybercrime?

Does AI Fight or Facilitate Cybercrime?

Despite the splash made by ChatGPT at the end of 2022, Artificial Intelligence and Machine Learning have been part of our daily lives for some time. We use smart home devices, chatbots, voice assistants, and Netflix recommendations with little thought as to what’s...

These 5 Sustainable IT benefits will boost your business.

These 5 Sustainable IT benefits will boost your business.

The urgent need to minimise the impact our technology has on our environment stretches far beyond the moral obligation. With the future development of our organisations in mind, if we are to continue to rely heavily on the networked technologies that simplify our...

Are Hardware Vulnerabilities Your Cybersecurity Blind Spot?

Are Hardware Vulnerabilities Your Cybersecurity Blind Spot?

As cybercriminals commonly target software vulnerabilities, the assumption is easily made that cybersecurity threats come in the form of phishing, malware or ransomware. Consequently, corporate cybersecurity strategies can neglect the very foundation of the network,...