The General Data Protection Regulations (GDPR) are looming ever closer. By May 2018 all organisations must be in a position to demonstrate compliance with GDPR. But industry experts have warned there could be dire consequences for companies encountering the new rules unprepared.
IT secure destruction expert Alexander West of AssetCare computer recycling advised businesses to be wary of complacency over the new rules:
“GDPR will catch out many organisations. I expect examples will be made of several high-profile organisations from the outset in order to set a precedent. There are many complex aspects of the regulation; making sure your asset disposal procedure is compliant does not need to be one of them.”
“I would advise any organisation to engage with their suppliers in order to ensure their data bearing asset disposal systems are lawful; if this raises any concerns it is time to engage with a new supplier.”
According to a recent ADISA survey 66 per cent of the public sector data controllers are currently in breach of UK Data Protection laws when disposing of unwanted data bearing devices- what’s more, new, strict penalties could have painful repercussions for those who don’t take measures to increase IT security.
Maximum fines for non-compliance have increased to €20,000,000 or up to 4 per cent of global turnover. In addition breach notifications are also mandatory within 72 hours.
Recent high profile cases of data security lapses show the financial implications of a breach can have a reputational impact far greater than the fine itself. On the scale of work needed for business to catch up to the new rules, and the possible implications of such penalties, Mr West warned of serious consequences for those caught out:
“The forthcoming regulatory changes significantly increase the burden on all businesses and public sector organisations” he explained.
The standards, as defined in the new regulations, are there to protect sensitive data in a world where hackers and criminals are getting more and more sophisticated. Experts warn all businesses and institutions are now potential targets for online fraudsters, blackmailers, and hackers – even rogue states.
Despite the increased profile of cyber security in recent years, West still we estimated that less than 20 per cent of current transactions will stand up to the scrutiny of GDPR. It is hoped that with the warnings of industry experts, businesses will increase efforts to close the gap with the new requirements in time to comply with the new rules.
How does GDPR effect computer disposal?
Throwing away computers has become an increasingly complex area for business, with increasingly strict legislation used to protect data. The main areas of focus for data controllers looking to dispose of their sensitive devices safely and in compliance with GDPR can be summarised as follows:
• Put in place a code of conduct in relation to your data handling, storage and disposal
• Establish an audit regime and relevant method statements to ensure compliance
• Introduce formal risk assessments
• Ensure a robust contract and detailed service level agreement is in place with your disposal outlet
Every employer using IT or holding data will need to prepare for the changes and have in place a rigorous process for the handling and storing of data along with the management and final disposal of all types of data containing hardware.
AssetCare is a leading UK-based provider of IT disposal security and recycling services.
Company Name: Asset Care
Contact Person: Alexander West
Country: United Kingdom