Secure data destruction is critical under GDPR legislation

The secure disposal and destruction of data is one of the biggest threats businesses face in our contemporary environment, and it is a task that tends to be outsourced as it falls outside of the remit of most core business practices. Currently, many businesses choose to outsource their need for asset disposal to external IT asset disposal companies as an assurance of compliance with regulations and to mitigate any dangers. Maintaining compliance with new GDPR legislation makes it increasingly important to choose a reputable IT asset disposal company and ensure best practices for the destruction of personal data are followed.

More about asset governance

For many companies, the legislation that governs data protection and asset disposals is far too complex for this issue to be successfully managed internally. Outsourcing the responsibility for data asset disposal does enable companies to place more focus on their core business activities; however, the arrival of the new General Data Protection Regulation (GDPR) in May provides enforcement which will make it essential for companies to review their asset disposal procedures. GDPR legislation will mean that companies breaching data regulations face hefty fines, so it’s very important for every IT department in businesses of any size to ensure there is a transparent audit trail for data assets, together with evidence of data destruction.

Proof of data destruction

The data protection laws currently in place already specify that the data controller is directly responsible for ensuring the full essential compliance for data protection in the workplace, rather than the data processor. In these circumstances, the data controller is the company that is outsourcing the secure asset disposal and the data processor is the third-party asset disposal firm. It is the data controller who controls the reasons and purposes for personal data collection and the ways in which it is processed, while the data processor is just responsible for processing data under the instructions of the data controller. Under the new GDPR legislation both the data controller and data processor are jointly liable.

This joint accountability for data assets makes it important for both the commissioning business and the third-party asset disposal company to maintain accurate records of all the data processing activities and companies will need to ensure verification that data assets have been destroyed.

AssetCare are a division of the WasteCare Group and provide simple and secure data asset destruction for businesses of any size. Contact us for more information.