Reports suggest that fewer than 10% of companies are ready for new data legislation, despite the fact that it comes into effect in just a few months (http://www.information-age.com/5-eu-companies-ready-gdpr-compliance-alert-logic-123469223/) (http://www.businesscloud.co.uk/news/nine-out-of-ten-firms-not-ready-for-gdpr).
In May 2018, the EU General Data Protection Regulation goes live, bringing with it much heavier responsibilities for how organisations gather, store, use and dispose of data. Non-compliance carries hefty fines.
Ignorance is no defence
It’s believed that one of the reasons why so few companies are preparing for the GDPR is a lack of awareness and a mistaken belief that they are immune.
The GDPR applies to any organisation that stores personal data on EU citizens. It does not matter where that organisation is based, or whether that data is financial information, or simply names and addresses.
In some ways, lack of understanding about the new legislation fits within a general confusion about the whole subject of data security and privacy amongst many business owners and consumers.
GDPR aims to address data mismanagement
The new legislation has been designed to address the shocking level of data mismanagement, which has been leaving consumers exposed and losing confidence.
In 2016, in the UK alone, 54,468,603 individual records were compromised. This represents a startling 475% increase on 2015 (http://www.cara.uk.com/is-your-it-ready-for-new-data-legislation/).
One of the areas of data management that is particularly prone to error and lack of action is correct disposal.
That is why the GDPR is bringing in more stringent measures. These include requiring companies to have a clear, accountable policy on how long they will keep data and how they intend to safely dispose of it.
As with other aspects of the “journey” to GDPR compliance, the weakest link in your data disposal could be your relationship with third parties.
If personal information is leaked, lost or misused as a result of sharing data across sites, devices or suppliers, your organisation will still be held accountable.
You also need to be 100% sure that any hardware is wiped clean before it falls into the hands of anyone else, which has a knock-on effect on recycling and reselling.
Any company you trust with data destruction and disposal needs to apply tight controls within the legislative framework to mitigate your risks.
However, outsourcing data destruction is still an economically sensible option. It frees your time and expertise to carry out some of the data management obligations that can only be handled internally.
To put systems and procedures in place for the coming year – and take one step closer to GDPR compliance – contact AssetCare. Wherever you are in the UK, we can assist with lawful data destruction. We also securely recycle unwanted electronic equipment.