The GDPR (General Data Protection Regulation) is the most significant change in data protection legislation to effect the ITAD industry since the WEEE directive in 2006.
This supersedes the DPA (Data Protection Act) of 1998 and provides a greater emphasis on individuals rights as well as the need for companies to justify what data they collect, how they collect it, how they use it, how long they hold it for and how they erase it.
Maximum fines have been increased significantly from £500k to €20m (or 4% of global turnover) and the ICO (Information Commissioners Office) who are in charge of enforcing it have announced they will be growing by 40% to tackle this.
With most of the emphasis of GDPR being placed on live data, ICEX are reminding companies of the increased Information Governance requirement to ensure the information it holds on individuals is removed in a secure and responsible way to ensure GDPR compliance.
When engaging with any IT Asset Disposal (ITAD) company, the following criteria should be met in order to ensure you are complying with the new GDPR regulations by implementing the right data governance procedures…
- There is a contract in place which clearly sets out the expectations between the client and ITAD
- Partners should be regularly audited
- The whole process must be traceable and a record of individual assets processed must be made available
- NCSC (National Cyber Security Council) approved products should be used for overwriting
If you would like to talk to someone about how we can help you, then call us on 01376 503900, or email firstname.lastname@example.org.