The General Data Protection Regulations (GDPR) are looming ever closer. By May 2018 all organisations must be in a position to demonstrate compliance with GDPR.
According to a recent ADISA survey 66 per cent of the public sector data controllers are currently in breach of UK Data Protection laws when disposing of unwanted data bearing devices. The forthcoming regulatory changes significantly increase the burden on all businesses and public sector organisations. Every employer using IT or holding data will need to prepare for the changes and have in place a rigorous process for the handling and storing of data along with the management and final disposal of all types of data containing hardware.
Regulatory changes are to increase data duties
Maximum fines for non-compliance have increased to €20,000,000 or up to 4 per cent of global turnover and breach notifications are also mandatory within 72 hours. As can be seen from recent publicity, the financial implications of a breach can have a reputational impact far greater than the fine itself.
Many will see these new regulations as another inconvenience, only to be given consideration when absolutely necessary. If you might be this way inclined then think again. Help is at hand.
The standards, as defined in the new regulations, are there to protect sensitive data in a world where the bad guys are getting more and more sophisticated. We are all now potential targets for the online fraudster, blackmailer, rogue state or simply a frustrated student working alone from his bedroom.
Don’t panic – help is at hand
Working to the standards as set out in the new regulations makes sense. The first question to answer is, how far is your organisation from fulfilling these standards?
This is where we can help. Having had over twenty years’ experience as a data processor AssetCare, a division of the WasteCare Group, have seen a gradual increase in the attention and thought that data controllers are giving towards disposing of their data bearing IT assets. Yet still we estimate that less than 20 per cent of current transactions will stand up to the scrutiny of GDPR. This is where we can help close the gap. This is a step change in regulation and needs an appropriate response.
Robust contracts will be needed
The main areas of focus for data controllers looking to dispose of their sensitive devices safely and in compliance with GDPR can be summarised as follows:
- Put in place a code of conduct in relation to your data handling, storage and disposal
- Establish an audit regime and relevant method statements to ensure compliance
- Introduce formal risk assessments
- Ensure a robust contract and detailed service level agreement is in place with your disposal outlet
AssetCare recognise that this will be a significant administrative, not to mention time-consuming challenge for many organisations; however, we are here to help to simplify the process.
Free confidential survey and gap analysis
We are specialists in the field of asset disposal and encourage you to contact us for a no obligation audit to ensure you are ready for the journey ahead.
We believe it is our responsibility to ensure all our clients are GDPR compliant in time for the May deadline. The good news is, we are offering a desktop survey and gap analysis to all our existing clients free of charge. Don’t leave it until the last minute. Contact us now for your free survey – it could save you more than just money.
