Does your company keep or process the personal data of EU citizens? If so, are you prepared to meet the challenge set by the GDPR when it comes to disposing of end of life data safely and securely?
The first step to ensuring that your data is protected at the end of its life is in establishing a formal policy that outlines specific guidelines in relation to IT asset disposal (ITAD).
What is ITAD?
IT asset disposal is a process which entails the disposal of end of life IT assets, for example, data bearing assets such as hard drives, mobile phones and laptops. ITAD is a specialised process which is often outsourced to a third party. A fully qualified ITAD provider will be able to ensure that the data contained on your end of life assets is disposed of securely, and that the impact on the environment of this process is minimal.
Why Do You Need an ITAD Policy?
It is always good business practice to adopt formal policies when it comes to the use and disposal of sensitive data-bearing assets, but there are two reasons in particular why you should adopt an ITAD policy.
The first reason is that it is crucial for organisations to be able to accurately track the usage of their IT assets throughout their lifespan. This is particularly important when assets reach the end of their lifespan, and can potentially become a security liability if they are indexed, stored and disposed of incorrectly.
Perhaps the most persuasive argument for adopting an ITAD policy is the growing need to ensure, and to prove, that your organisation is in compliance with all relevant industry regulations, such as the GDPR. By defining a formal ITAD policy which is enforced at all levels of your organisation, you will go a long way to standardising ITAD practices and ensuring full regulatory compliance.
The Impact of the GDPR
As we mentioned above, the introduction of the GDPR (https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/) on 25th May 2018, and the new responsibilities it places on data controllers and data processors, makes defining an ITAD policy more important than ever.
As the data controller, your organisation should adopt a formal ITAD policy if the personal data of any EU citizens is stored on any of the data-bearing devices in your company. Equally, if you engage a third party to dispose of your IT assets, you must draw up a formal contract which defines their responsibilities as a data processor.
Your ITAD policy, as well as the contract with any potential third party, should determine how the personal data you store will be identified, and how this data will be securely disposed of when the asset bearing the data has reached the end of its lifespan. You should also think about the chain-of-custody procedures when the assets come to be disposed of, to ensure that you have a fully auditable paper trail, illustrating where your assets were at all times, who was in possession of them, and where and how they were disposed of.
With over 25 years industry experience, tier1 are proud to be the UK’s most accredited ITAD supplier. We possess the skills, accreditations and experience to handle our clients’ data with the care they deserve, and to dispose of it responsibility and legally.
Contact us today on 0161 777 1000 or visit https://www.tier1.com to find out how we can help you dispose of your data safely and reliably.
