To ensure the security of your customers, clients and company data, all devices and computer equipment should be disposed of in a secure way. This means hiring an approved organisation for IT disposal. A good company will be able to provide you with legitimate certification that your equipment has been disposed of securely. This will not only benefit your own peace of mind, but also ensure compliance with GDPR, which is now a mandatory requirement.
If, however, your data is breached due to improper disposal of computer equipment, there are three main issues that you need to consider:
– Identify who is vulnerable
– Identify what the risk is
– Identify what data is potentially compromised
Once you have considered these three things, you are able to make a decision as to whether the breach poses a ‘risk to the rights and freedoms of individuals’. And, if the risk is serious enough, your DPO should make a report to the Information Commissioner’s Office (ICO) as well as to the individuals themselves. The key question you should be asking is how big an impact the data breach is likely to have on the individuals and your company. If the impact is likely to be adverse in any way, there should be no hesitation in making the report.
The increase in fines under GDPR has been highly publicised, and there is sure to be an even greater focus on data protection practices in all kinds of industries. With an online presence, most modern companies are responsible for sensitive information to some degree. Even at this early stage, there has been an increase in reports of breaches. For example, the University of Greenwich was recently fined £120,000 for a large data breach that resulted in the personal data of some 19,500 students being posted online. This kind of media attention should be a warning to businesses that their data protection practices need to be taken seriously, and this includes IT disposal and IT recycling.
So if you want to avoid finding yourself in a situation where you have to report a serious data breach and suffer a sizeable fine for failing to comply with GDPR, you must be sure that all your data protection practices are up to date. Asset Care are an approved IT disposal and recycling company, and can ensure that your IT equipment is processed in compliance with GDPR, so you can rest assured you aren’t running the risk of a breach.