GDPR and your data's end-of-life

Why is data destruction important under the GDPR?

The General Data Protection Regulation (GDPR) will come into force on 25th May 2018, and is changing the way organisations handle customers’ personal data at every stage of business. The new legislation means that destruction of unused data is more vital to businesses than ever before; it is the law. In order to comply with the strict standards of the new legislation, all businesses will need to make correct data destruction a part of their security strategy and practice by the time the GDPR is introduced.

AdobeStock_196917685_lower res.jpeg

The GDPR will replace existing legislation and will impose heavy fines for data breaches (up to 20 million Euros or 4% of a company’s annual global turnover). Though the GDPR is an EU regulation, every organisation that conducts business with EU data subjects is required to comply. The severity of the consequences and the global impact of this change mean it is in the immediate best interest of every business to integrate seamless data handling processes throughout their security framework. This is especially true when it comes to end-of-life data destruction.

While the security of live and in-use data is certainly felt to be a high priority by many businesses, end-of-life data security often slips through the cracks. However, information that is no longer of use to a business still retains its sensitive nature and therefore poses an unnecessary breach risk. Examples include past customers’ contact information, names, historical records, and financial information. Lengthy storage or incorrect disposal of these end-of-life data creates risk of accidental loss, theft, and intentional misuse by external parties. Under the GDPR, individuals will also have the right to request the destruction of their own data, so correct destruction is likely to be at the forefront of public consciousness.

Disposing of data correctly, immediately after it is no longer relevant or necessary to conduct business, minimises an organisations’ risk of a data breach by reducing the amount of stored information. It also prevents end-of-life data from being stolen or misplaced after use, and falling into the hands of potentially negligent or malicious parties either inside or outside the organisation.

How can AVTEL Data Destruction help?  

Though several options exist for data destruction, not every method ensures safety and total compliance with the GDPR. The unique milling method offered by AVTEL Data Destruction is the only process that can completely ensure that the data-holding devices and the information that they contain are destroyed safely and permanently.

By milling the data-holding device into particles smaller than 9mm, AVTEL Data Destruction's process ensures a level of safety that exceeds every other technique available today. This market-leading technology is completely mobile, mitigating the risks posed by the transportation and handling of sensitive personal data. The on-site destruction is completely safe for every individual involved in the process. Physical elements of the eradicated hard drives are carefully disposed of in the most environmentally sound method available, going beyond the typical standard of many destruction providers, which often creates unnecessary risks for people and the environment.

Most importantly, the AVTEL Data Destruction process is able to be audited from start to finish, with CCTV and digital imaging software ensuring complete compliance and auditability. Under the GDPR, traceability, and proof of conduct will become increasingly important in the process of protecting customer data, and therefore protecting businesses from a breach, and will be required of all organisations that hold sensitive personal data. With AVTEL Data Destruction, organisations can be sure that not only is their data destroyed permanently and safely, but also that it will stand up to the strict standards that will be necessary under the impending changes of the GDPR.


This blog post is intended for informational purposes only. Although every effort has been made to present accurate and current information, accuracy cannot be guaranteed. Please note that the information within this blog post does not constitute legal advice and should not be relied upon as such. For legal or professional advice, contact a solicitor.


GDPR: The lay of the land

This year sees major changes for data protection and privacy laws the world over. Arguably the most significant and comprehensive data protection legislation in history, the General Data Protection Regulation (GDPR) will replace existing EU privacy laws and change the face of privacy protection. The new law has far-reaching global implications, applying not only to businesses operating in the EU, but also to any business worldwide that collects personal information from EU data subjects.

This is a massive change when it comes to privacy protection legislation, and is provoking a flurry of activity worldwide in 2018 from businesses affected by the change, as well as those offering legal and practical services. There is a strong feeling among privacy experts, however, that not enough has been done by organisations preparing for the GDPR; it is not too late, but all businesses need to make sure they prepare now to reach full compliance before the change on 25th May 2018


What changes are required under the GDPR?

Essentially, the GDPR requires a comprehensive reimagining of privacy standards, and includes many new regulations that are proving a headache for the underprepared. The regulation introduces the right to be forgotten, mandatory consent for collection of data, mandatory data breach notification, a call for specificity and relevance in data collected, and the exemption from profiling by algorithms, and the mandatory destruction of data once it is no longer relevant.

In addition, it offers regulatory power to data protection authorities like the European Data Protection Board super-watchdog, and requires the appointment of data protection officers in companies that handle large amounts of personal data. Most of these changes require a total policy and practice overhaul, including changes to collection, handling, storage, and disposal of data.

The GDPR should not be taken lightly, with non-compliance attracting fines of up to €20 million, or 4% of annual worldwide turnover (whichever is greater). Advice and information about the change is becoming more accessible to businesses this year as the change date draws closer. It is clear from the current mood in the press that, until recently, many companies have failed to recognise the significance of the changes and the vast quantity of practical and software changes required when preparing for the GDPR in order to bring businesses up to the high standard required.

How are organisations preparing for the GDPR?

Now, with less than 100 days to go before the GDPR cracks down in May, businesses are becoming more aware of the implications, as the reality and complexity of the new laws hits home and they begin preparing for the GDPR. However, some reports suggest that by the time the GDPR comes into play, more than half of the affected companies will still not be fully compliant, while around half will still be struggling to achieve full compliance even by the end of this year. This is not ideal for non-compliant organisations, as it soon leaves them open to huge penalties in the case of a data breach. In essence, the time to start preparing your business – if you haven’t started already – is now.

Data breaches are becoming more common and more severe every year — large companies like Yahoo, Uber, Equifax, and many more still face ongoing publicity and repercussions from recent breaches. Cases like these have brought data protection into the limelight. In addition to the 2018 legislative changes including the GDPR, the Notifiable Data Breaches (NDB) Act in Australia, and the proposed Breach of Security Safeguard Regulations in Canada this year, widespread publicity has brought data protection to the forefront of awareness for both consumers and organisations. But businesses are still proving largely underprepared for the change.

Though the law is now imminent, there is a tangible level of uncertainty surrounding the GDPR and how it will affect organisations. Lawyers and data protection experts are working hard to prepare companies for the overhaul, with training programs, software expertise, and legal guidance available in most countries, both within the EU and further afield.

It’s important for every organisation worldwide that handles EU data subjects — even just a single EU customer — to understand what changes will be required to get current privacy practices up to speed and avoid the heavy penalties of the GDPR.

Over the coming weeks leading up to the change, we’ll underline key aspects of the GDPR and keep you up-to-date with relevant information that will help your business in preparing for the GDPR.


This blog post is intended for informational purposes only. Although every effort has been made to present accurate and current information, accuracy cannot be guaranteed. Please note that the information within this blog post does not constitute legal advice and should not be relied upon as such. For legal or professional advice, contact a solicitor.