Under data protection legislation, businesses must protect the personal data they store and use right up to the point they destroy it. What does this mean for your redundant IT?
So you’ve just bought ten new office computers from IT Resale’s high quality used stock. You know that all the equipment you have just bought has been fully tested and prepared for use by IT Resale. All data bearing devices have been securely data wiped to the highest standards by our security cleared staff using specialist software certified by National Cyber Security Centre and approved by Defence INFOSEC Security Centre. But now you need to dispose of your old computers so how do you do so securely and compliantly?
The General Data Protection Regulation (GDPR) introduced in May 2018 gives individuals greater control over their personal data and makes businesses accountable for the data they collect, store and use. This means that it is crucial to consider security and compliance when disposing of laptops, desktop towers, server equipment or other data-bearing devices.
Even storing redundant equipment can pose legal concerns under the GDPR. Individuals can now lawfully request organisations erase, rectify or provide a copy of their data records. This covers your entire inventory of IT assets including redundant data storing devices.
It’s vitally important to have a documented policy for redundant IT equipment and to have full audit trails for redundant equipment in order to demonstrate compliance. Failure to do so could result in high fines from the regulator and reputational damage from which your business could struggle to recover.
To help our clients demonstrate compliance and keep data secure on redundant IT, Crown Workspace has compiled a free checklist. Find out about the ramifications of individual rights under GDPR, the importance of auditing your WEEE contractor and ensuring your staff understand your legal requirements and dispose of their IT securely and compliantly.