Data privacy laws are being updated across Europe and around the world, and data-using companies not in compliance by the launch date of the 25 May 2018 will face heavy fines of up to 20 million euros. The new General Data Protection Regulations laws (http://www.eugdpr.org/gdpr-faqs.html) reflect the modern times we live in, with companies required to announce data breaches within 72 hours, to prevent them trying to bury bad news and to allow customers to address any leaks, change passwords and so on.
A stricter set of data retention laws, support for rights of access to data and for customers or users to be forgotten are all important parts of the new GDPR. There’s also increased focus on the role of the data protection officer, data processors and controllers, who will be on the frontline when it comes to securing data and protecting it against the myriad of threats all businesses face.
Disposal must be traceable and performed correctly
When it comes to disposing of data, companies will need to ensure no information is lost when it should have been retained. Under the GDPR regulations, officers are responsible for the data and its correct and proper destruction, using a properly accredited IT Asset Disposal company.
This means the days of dumping old PCs, bundles of backup DVDs or tape storage in skips are truly over. Instead, companies will need a contract with an accredited disposal company, and keep a record across the lifespan of any data so that they can prove that it was compliant with regulations and correctly destroyed.
For many companies, these regulations will come as a shock, but there is plenty of time to adjust to new laws, and many options when it comes to partners to work with who can help categorise data, and ensure its correct disposal. Taking control of your business data management now can prevent plenty of pain later on.
Knowing what data you have, where it is stored, who it is shared with, whether it travels overseas and how customers or the public can access it are key parts of the new processes. For companies that like to keep their data for some spurious future purpose, the bad news is that once data has fulfilled its purpose it should be deleted or destroyed, so there is no good reason to cling onto those archive servers. All of this means that as hardware ages or is upgraded, accredited destruction of that data and hardware is the only safe and legal solution, so get in touch today (https://asset-care.uk/contact/) to find out how we can help.