Whether you are upgrading your IT equipment or downsizing the amount of equipment you use in favour of the cloud, selling your unwanted IT assets is a great way to mitigate the cost of upgrading. However, in order to ensure the security of your business data, it is important that you have effectively prepared your assets for resale. Whatever the device you are selling, and whatever data it stored, it is vital that you take steps to protect it from recovery from the next owner.
Determine Which Assets are Suitable for Resale
Selling IT assets is a great way of reducing waste, but not all of your redundant IT assets will be suitable for resale. In order to ensure business compliance with data protection laws, some of your IT equipment, depending on data sensitivity, will require physical destruction. For example, Solid State Drives require much more thorough data destruction than a regular hard drive. To determine which assets are suitable for resale, your company should devise an ITAD policy, which will detail the steps you should follow when disposing of IT equipment, depending on the type of device and the nature of the data stored on it. Your business should consult this policy whenever you are looking to dispose of a device, whether it be a mobile phone or a hard drive.
Back Up Your Data
The first step you should take before selling your IT assets is to ensure that all your data is backed up. You might do this using an external hard drive, USB drive, or a cloud service (such as Dropbox). It is important that, no matter how little time the data is stored in these places, that you take its security seriously. Encrypt the data, and use secure passwords to protect it.
Eradicate Data Effectively
This is the most important step to take before selling your IT assets, as you must ensure that any data previously stored on the device cannot be recovered by its new owner. It is important to remember that simply deleting the data is not enough to ensure it completely eradicated. Of course, the steps involved in wiping data will vary from device to device, but you should always aim to overwrite the original data as many times as possible. The more times you overwrite the data, the more difficult it will be to recover.
Keep a Paper Trail
It is important that you keep a physical record of the life cycle of all of your devices, from the moment they come into your business, until their end of life, whether they are disposed of, recycled or resold. Under the new GDPR, which comes into effect in May, businesses will also be obliged to keep a Chain of Custody of all data, and keeping this paper trail of the ownership of your devices will also help you to track the whereabouts of your devices and ownership of the data.
Choose a Reputable ITAD Provider
You may wish to carry out all of your ITAD in-house, but in order to ensure complete business data security, you should enlist the help of an accredited ITAD provider, such as EOL IT Services. When choosing an ITAD provider, it is important that you do not simply consider the revenue you may take from selling your equipment, but also the service you will receive. Under the new GDPR, a business will still be held responsible for their data, even if it has been passed to a third party processor, which means you should choose an ITAD provider that treats your data and devices in the same way you would. Ensure that your provider is WEEE compliant, has the relevant accreditations and can provide you with a full audit trail of your devices.
Selling your redundant or surplus IT assets should not simply be about making money, and it is important that you follow a standardised service, not only to ensure compliance with legislation, but to ensure the complete safety of your business data.