GDPR laptop

GDPR And Data Destruction – What You Need To Know

We're sure by now you'll have heard all the buzz around GDPR. The General Data Protection Regulation comes into force on May 25th 2018. From that point onwards, any business that fails to comply will be subject to a hefty fine.

If you’re anything like us, you’ll already have been inundated with scaremongering calls and emails about how GDPR could affect your business. The big question we’ve been hearing is – How do I dispose of my old computer equipment while still complying with GDPR? And the good news is, we’ve got a really simple answer. As a data processor, Pure Planet Recycling takes care of that side of things for you.

How to ensure your data destruction is GDPR compliant

The GDPR is a lengthy, complex document that’s designed to streamline data privacy laws across Europe. Even when the UK leaves the EU, it’s likely to be worked in to UK law. If it isn't, you’ll still fall under GDPR rules if any of your customers are within the EU.

But how do you know which parts apply to you? And how do you ensure that you dispose of your old equipment in line with the new rules?

The first thing to know is that data destruction is classed as a form of data processing, which is subject to GDPR. By employing a secure data destruction provider like Pure Planet Recycling to destroy your electronic data, you’re the data controller, and we’re the data processor. That means the onus is on us to ensure GDPR compliance.

Nothing has changed from a service point of view at our end. We still securely collect and destroy your redundant media by shredding, crushing or degaussing. We then certify the data destruction process, which is a key requirement of the GDPR and means you have a full audit trail for every step of your data.

Which items of equipment do I need to consider?

In the case of electronic data, hard drives can be held within everything from printers and photocopiers to CCTV systems. GDPR requires that you identify all these data sources and can account for how long data is stored on them, and why.

When it comes to disposing of this data, we remove hard drives from equipment to ensure all the data will be processed through to destruction. You need to consider all sorts of media storage when auditing your equipment. This includes hard disk drives, solid state drives, media tapes, CDs and DVDs, memory sticks and mobile phones. We destroy and recycle all of these, removing the risk of that data being stolen and your business suffering a serious data breach.

So is all the scaremongering justified?

Any business that deals with customer data will need to understand and comply with GDPR. Mitigating the risk of a data breach – which would not just ruin your reputation, but result in an increased fine under new GDPR rules. So yes, it’s an important issue for any UK business or organisation that deals in any way with customer data.

That said, GDPR isn’t something that needs to be feared. The whole point of the new legislation is to bring data protection into the 21st century. Giving individuals more control over how organisations use their data can only be a good thing. By understanding the essentials, implementing some vital changes to your data privacy policy and outsourcing your electronic data destruction to a secure provider, you’ll be GDPR compliant before you know it.

If you require further information on GDPR and data destruction please call us on 01234 315496 or contact us.