If you search online for ‘secure IT destruction’ you would expect to find companies offering secure digital media-based data destruction services that comply with the General Data Protection Regulations (GDPR).Be prepared for a surprise – this may not be the case.A recent online search revealed that of the 30 links shown on the first three pages of results for ‘secure IT destruction’, only three of them were for genuine secure data destruction services. The rest were for legitimate recycling companies, but they had no secure destruction facilities or staff security screening procedures.
WEEE Recycling Is Not GDPR Destruction
The Waste Electrical and Electronic Equipment regulations (WEEE) are there to protect the environment from pollution and landfill, and where possible recycle the components and materials used in this equipment.A WEEE-registered waste recycling contractor will disassemble old and broken equipment, separating out plastics and metals, cables and electronics so they can be recycled or safely disposed of.Such equipment – which in the office environment ranges from old mobiles, laptops and desktop computers to printers, copiers and coffee machines – will often have data storage components such as built-in hard drives and solid state memory cards. These components will only be segregated based on their recyclable value, not on their confidential data contents.As the former owner of the discarded equipment, you are under a legal obligation to ensure the secure destruction of any data that might have been held on one of those storage components, but unless it is removed and destroyed within a secure destruction environment you have no way of creating an audit trail for its secure disposal. The consequences of non-compliance can be severe, even if there is no evidence that the data has been accessed by unauthorised parties.
GDPR-Compliant WEEE Recycling
To be absolutely sure that any electronic equipment containing data storage components is securely handled (bear in mind that this doesn’t only include obvious items such as phones and computers; they are often found in printers and photocopiers), dig deeper into who the company is and what services they are offering.Look out for references to BS7858
, the Code of Practice covering security screening of persons employed in a security environment, as it’s likely that the company will mention that the personnel collecting used equipment from your premises and recycling it have been screened in line with this Code of Practice. If necessary, and for your peace of mind, ask them specifically about the Code of Practice.Another point to consider is that data degaussing (also known as data erasing or wiping), data anonymisation and secure destruction of the drive are the only ways in which electronic data can be rendered irretrievable. This means that while you might have deleted all confidential data from a device before disposing of it, the data is still held on the device and can potentially be restored and retrieved – another reason why you should only use a trusted secure IT destruction service.
Secure Destruction Of All Your Data
In addition to being stored internally on electronic equipment, confidential data is commonly held on external hard drives, flash drives (memory sticks) and as printed documents. Having one company to handle all your secure data destruction requirements means you have a single point of contact and your data destruction compliance is streamlined.PROTECTR
is a secure data and brand protection service from Avena Group. It includes SECURALL
GDPR-compliant secure document shredding and destruction, and SECURETECH
GDPR- and WEEE-compliant secure media and IT recycling.For further information on PROTECTR and how we can protect your data and your organisation, call Avena Group on 0845 5219 892
or via our website