Next May the European Union’s General Data Protection Regulation (GDPR) will come into force. It will replace the Data Protection Act in the UK and create new responsibilities for businesses, like requiring permission in order to store and use personal data. With more businesses using digital tools to manage and store data, secure electrical waste disposal will be more important than ever.
Breaching the GDPR will lead to serious consequences: the fine structure laid out in the plans could mean a charge of 20 million euros or 4% of global revenue, whichever is the larger figure. In 2015 TalkTalk failed to prevent a cyber attacker accessing customer data and received a £400,000 fine; if the situation were repeated next year, the fine would be much larger.
Even small organisations hold large amounts of data about their customers, which can be used for a multitude of purposes such as marketing and analytics. However, more and more of this information is being stored on servers, hard drives, mobile phones and computers. Destroying data on electrical waste is a more complex process than simply shredding documents.
There are many regulations surrounding the removal, wiping and destruction of electrical waste. However, the most important condition is ensuring that the data is not recoverable. This means either fully destroying the data storage device by shredding it or, alternatively, using software to wipe the data before overwriting the hard drive so that it cannot be accessed again. The problem many companies are finding, though, is that data is not stored in one place and that the policies they have to protect customer data are not being complied with.
A study by Sharp found that a quarter of employees were storing company data on the public cloud (despite it being contrary to company policy), two fifths were using personal devices at work and a third were taking work home with them. Under GDPR this could be construed as a major breach and lead to massive fines.
There is a growing number of rogue companies offering secure WEEE recycling, and using one of these companies could lead to massive fines under the GDPR. The regulation requires evidence of data destruction, and many of these companies do not properly wipe electronic devices of sensitive information. Ensuring that the company you use holds the necessary licences to safely dispose of electrical waste is essential under the GDPR, because you are still responsible for that data even after disposal. You need to show that sub-contractors are responsible and are properly disposing of data. Our simple guide gives a good example of what certifications to look for when selecting a waste disposal company.
Is your electrical waste GDPR compliant? We are well experienced in this field and our procedures will help ensure your company is GDPR compliant.