The General Data Protection Regulation (GDPR) applies to any company that processes personal data, including the way it disposes of data-bearing IT devices. The “right to be forgotten” gives clients the right to have their data erased. That data cannot be disseminated or processed by third parties, even due to negligence, which is why your IT recycling service is so heavily affected by this regulation. Data protection officers are mandatory for businesses whose primary operation entails processing data on a large scale. Privacy-friendly strategies must be implemented through tools such as encryption, data wipes, and anonymising data. Noncompliance can result in heavy penalties of up to 4% of your annual global turnover or £20 million.
IT asset disposition (ITAD) professionals must meet a range of technological requirements. Under the new law, personal data must be erased, while unwanted or redundant IT equipment must be adequately destroyed, regardless of the device. Data-bearing assets need to be managed according to the risk of both external and internal data breaches. That means effective network protection must be supplied as well.
Businesses can no longer handle IT equipment according to space requirements or convenience alone. Compliance must come first. Redundant assets should thus be audited and included in data protection strategies. It’s best to create a detailed IT redundancy policy that involves immediate wiping of redundant devices. Shredding, transfers, and erasure should be used to achieve compliance.
Using an ADISA-accredited operator is the best way to avoid penalties that can cripple small and large companies alike. Such ITAD providers have the technical and organisational processes in place to give data subjects complete security. ISO 27001 accreditation tells you that your operator fulfils the policy framework and procedures involved in information security management, and while the most recent version was published in 2013, it remains an important green flag when accompanied by ADISA certification. The latter remains the most important paperwork to look for in a compliant service provider.
Find Out More
A certified ITAD provider will have an audit history to prove their policies are solid and offer you evidence of compliance, making your asset disposal process remarkably simple and thorough. No business can afford to risk noncompliance, so Absolute IT Asset Disposals offer foolproof eradication processes that keep your recycling process secure. We don’t see disposal as a one-dimensional process, but rather one that must be sustainable, professional, and environmentally friendly. Download our ‘Guide To Mobile Data Sanitisation’ today to find out more.