EOL IT Services has now merged with tier1 Asset Management Ltd

The Importance of an IT Asset Disposal Policy

by | May 10, 2018 | IT Security, News

Does your company keep or process the personal data of EU citizens? If so, are you prepared to meet the challenge set by the GDPR when it comes to disposing of end of life data safely and securely?

The first step to ensuring that your data is protected at the end of its life is in establishing a formal policy that outlines specific guidelines in relation to IT asset disposal (ITAD).

What is ITAD?

IT asset disposal is a process which entails the disposal of end of life IT assets, for example, data bearing assets such as hard drives, mobile phones and laptops. ITAD is a specialised process which is often outsourced to a third party. A fully qualified ITAD provider will be able to ensure that the data contained on your end of life assets is disposed of securely, and that the impact on the environment of this process is minimal.

Why Do You Need an ITAD Policy?

It is always good business practice to adopt formal policies when it comes to the use and disposal of sensitive data-bearing assets, but there are two reasons in particular why you should adopt an ITAD policy.

The first reason is that it is crucial for organisations to be able to accurately track the usage of their IT assets throughout their lifespan. This is particularly important when assets reach the end of their lifespan, and can potentially become a security liability if they are indexed, stored and disposed of incorrectly.

Perhaps the most persuasive argument for adopting an ITAD policy is the growing need to ensure, and to prove, that your organisation is in compliance with all relevant industry regulations, such as the GDPR. By defining a formal ITAD policy which is enforced at all levels of your organisation, you will go a long way to standardising ITAD practices and ensuring full regulatory compliance.

The Impact of the GDPR

As we mentioned above, the introduction of the GDPR (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/) on 25th May 2018, and the new responsibilities it places on data controllers and data processors, makes defining an ITAD policy more important than ever.

As the data controller, your organisation should adopt a formal ITAD policy if the personal data of any EU citizens is stored on any of the data-bearing devices in your company. Equally, if you engage a third party to dispose of your IT assets, you must draw up a formal contract which defines their responsibilities as a data processor.

Your ITAD policy, as well as the contract with any potential third party, should determine how the personal data you store will be identified, and how this data will be securely disposed of when the asset bearing the data has reached the end of its lifespan. You should also think about the chain-of-custody procedures when the assets come to be disposed of, to ensure that you have a fully auditable paper trail, illustrating where your assets were at all times, who was in possession of them, and where and how they were disposed of.

With over 25 years industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibility and legally.

Contact us today on 0161 777 1000 or visit https://www.tier1.com to find out how we can help you dispose of your data safely and reliably.

Recent Stories

Does AI Fight or Facilitate Cybercrime?

Does AI Fight or Facilitate Cybercrime?

Despite the splash made by ChatGPT at the end of 2022, Artificial Intelligence and Machine Learning have been part of our daily lives for some time. We use smart home devices, chatbots, voice assistants, and Netflix recommendations with little thought as to what’s...

These 5 Sustainable IT benefits will boost your business.

These 5 Sustainable IT benefits will boost your business.

The urgent need to minimise the impact our technology has on our environment stretches far beyond the moral obligation. With the future development of our organisations in mind, if we are to continue to rely heavily on the networked technologies that simplify our...

Are Hardware Vulnerabilities Your Cybersecurity Blind Spot?

Are Hardware Vulnerabilities Your Cybersecurity Blind Spot?

As cybercriminals commonly target software vulnerabilities, the assumption is easily made that cybersecurity threats come in the form of phishing, malware or ransomware. Consequently, corporate cybersecurity strategies can neglect the very foundation of the network,...