Most companies now realise the importance of securing data on their devices before they dispose of or recycle computers, phones, laptops, and other equipment. But have you thought about what happens when devices change hands within your organisation? Perhaps when a member of staff leaves and their replacement uses the same laptop, or existing equipment changes hands as business needs vary over time? If you haven’t, especially if you process personal data covered by the GDPR, then you should read on.
Not every person within your organisation needs the same level of access to the same data. Having robust controls over who has access to what, especially personal data, is not only best data protection practice, it is a legal requirement under the “secure by design” principle of the GDPR. Failing to ensure that only those members of staff who need to access personal data can do so could lead to enforcement action from the Information Commissioner, and potentially a fine of up to €20,000,000, which few businesses can afford.
One solution would be the physical destruction of a device, and purchase of a replacement, every time staff change roles, leave, or a new starter joins the company. Of course, that approach is likely to be uneconomical (to say the very least!). Also, unless you have the knowledge, expertise, and equipment to physically destroy the devices in-house, you’re unlikely to be able to guarantee – and certify – that all the data has been securely destroyed without entrusting it to a specialist third party; a process which in itself means passing the data outside your company.
A better option for many companies will be a secure hard drive wipe from a specialist contractor such as AssetCare. Our data wiping software is approved and certified by the National Cyber Security Centre for use even with the most sensitive data pertaining to national security, so you can be confident that it will meet your needs.
Our specialist, security-vetted team of staff will work with you to set up a secure process and, once your devices have been wiped, will thoroughly check them to ensure that absolutely no readable data remains.
Once the device has been wiped, your own IT team can reinstall the operating system and necessary software, and pass the device on to the new member of staff. This avoids the need to purchase new equipment, reducing costs as well as minimising environmental impact.