According to a recent survey, only half of UK IT decision-makers are aware of the upcoming EU Data Protection Regulation and how this law will impact their business.
What is the GDPR?
The upcoming EU General Data Protection Regulation (GDPR) is a comprehensive update of the 1995 EU Data Protection Directive. The Directive was created as a legal framework to regulate the progression of personal data within the European Union regarding the erasure of personal data. The GDPR is due to come into law by early 2016, so you need to be thinking about this legislation now to ensure you are prepared for the changes.
How does the GDPR affect me?
The major implication of the GDPR legislation is the significant increase in fines charged to companies that fail to comply. The fines under the new rules will be significant for any organisation, as they are expected to go up to 5% of the annual global turnover of a company per incident. It is therefore crucial that companies now review and adapt their business processes to ensure they can comply with the new rules and avoid the penalties for non-compliance.
The cost of a rule break
As the data protection regulations become tougher and more complex, companies need to consider the implications if they don’t start preparing for the new law. Any breaches in data protection legislation which compromise individuals’ or clients’ confidentiality could potentially ruin an organisation financially.
Failure to effectively erase information upon the disposal of an IT asset or storage device may result not only in financial implications but also in unseen costs, such as the incident recovery cost and the damage caused to the brand reputation of an organisation. Negative publicity can end up costing a business far more than a financial penalty and often takes much longer to recover from, which can ultimately result in a loss of customers.
GDPR and IT Asset Disposal
The GDPR law affects the whole process of IT Asset Disposal, from the collection, use and storage of sensitive data through to its disposal. These increased penalties and regulations should be a reason to justify investment in security controls within your IT policy to prevent and limit the loss of data should you fail to dispose of your IT assets securely and responsibly.
Retiring unwanted IT assets should be a secure process: carried out by security-cleared personnel, with assets collected by GPS-tracked and geo-fenced vehicles and stored in secure, licensed facilities using CESG-approved data erasing software. The whole process should be fully auditable, with the ability to track and report on what was erased and who handled the erasure; the data trail will then allow you to demonstrate your regulatory compliance.
Make the change before it’s too late
It stands to reason that managing the aftermath of incidents once they have occurred is far more expensive to an organisation than proactively controlling the risks. It is crucial that companies consider the impact on their organisation and make changes before it is too late. Businesses should start work now to ensure compliance with the new legislation, implementing a strategy compliant with forthcoming data protection guidelines.
How can DiskShred help?
DiskShred’s onsite shredding service removes the burden of the legislation surrounding secure IT asset disposal and delivers real cost savings and guaranteed compliance with the latest environmental laws and highest data security standards. Now is the time to consider the potential impacts of the new legislation on your organisation.
Contact DiskShred today to further discuss our services and how we can help you comply with the GDPR regulation.
Email: info@diskshred.eu or telephone 0800 080 5083