Why is data destruction important under the GDPR?
The General Data Protection Regulation (GDPR) will come into force on 25th May 2018, and is changing the way organisations handle customers’ personal data at every stage of business. The new legislation means that destruction of unused data is more vital to businesses than ever before; it is the law. In order to comply with the strict standards of the new legislation, all businesses will need to make correct data destruction a part of their security strategy and practice by the time the GDPR is introduced.
The GDPR will replace existing legislation and will impose heavy fines for data breaches (up to 20 million Euros or 4% of a company’s annual global turnover). Though the GDPR is an EU regulation, every organisation that conducts business with EU data subjects is required to comply. The severity of the consequences and the global impact of this change mean it is in the immediate best interest of every business to integrate seamless data handling processes throughout their security framework. This is especially true when it comes to end-of-life data destruction.
While the security of live and in-use data is certainly felt to be a high priority by many businesses, end-of-life data security often slips through the cracks. However, information that is no longer of use to a business still retains its sensitive nature and therefore poses an unnecessary breach risk. Examples include past customers’ contact information, names, historical records, and financial information. Lengthy storage or incorrect disposal of these end-of-life data creates risk of accidental loss, theft, and intentional misuse by external parties. Under the GDPR, individuals will also have the right to request the destruction of their own data, so correct destruction is likely to be at the forefront of public consciousness.
Disposing of data correctly, immediately after it is no longer relevant or necessary to conduct business, minimises an organisations’ risk of a data breach by reducing the amount of stored information. It also prevents end-of-life data from being stolen or misplaced after use, and falling into the hands of potentially negligent or malicious parties either inside or outside the organisation.
How can AVTEL Data Destruction help?
Though several options exist for data destruction, not every method ensures safety and total compliance with the GDPR. The unique milling method offered by AVTEL Data Destruction is the only process that can completely ensure that the data-holding devices and the information that they contain are destroyed safely and permanently.
By milling the data-holding device into particles smaller than 9mm, AVTEL Data Destruction's process ensures a level of safety that exceeds every other technique available today. This market-leading technology is completely mobile, mitigating the risks posed by the transportation and handling of sensitive personal data. The on-site destruction is completely safe for every individual involved in the process. Physical elements of the eradicated hard drives are carefully disposed of in the most environmentally sound method available, going beyond the typical standard of many destruction providers, which often creates unnecessary risks for people and the environment.
Most importantly, the AVTEL Data Destruction process is able to be audited from start to finish, with CCTV and digital imaging software ensuring complete compliance and auditability. Under the GDPR, traceability, and proof of conduct will become increasingly important in the process of protecting customer data, and therefore protecting businesses from a breach, and will be required of all organisations that hold sensitive personal data. With AVTEL Data Destruction, organisations can be sure that not only is their data destroyed permanently and safely, but also that it will stand up to the strict standards that will be necessary under the impending changes of the GDPR.
This blog post is intended for informational purposes only. Although every effort has been made to present accurate and current information, accuracy cannot be guaranteed. Please note that the information within this blog post does not constitute legal advice and should not be relied upon as such. For legal or professional advice, contact a solicitor.