The General Data Protection Regulation – are you disposing of your data correctly?

We spend millions as a country on security, but there is often not enough consideration to our data disposal.

To break it down there are three areas that can be protected:

1.  Physical threats: locks, doors and CCTV cameras to protect your hardware.
2.  Cyber threats: internet security, antivirus and firewalls to protect your systems over
      the internet.
3.  Disposal threats: secure certified data destruction of old products containing data.

The first two have all the attention and biggest bills, but the third is not often given adequate consideration, and that undermines all the efforts and costs to physical and cyber threat reduction.

Out of sight and out of mind

We all have digital bits and pieces around our home or office that should be recycled. It’s often these items with data that end up being treated through ‘regular’ disposal routes, effectively giving away our data, or alternatively they are stored in a dusty cupboard in a distant corner of the office in fear of it getting into the wrong hands – out of sight and out of mind. 

Unsecure waste disposal can lead to data theft, impersonation and fraud that haunt modern life and the technology that we have become so heavily dependent upon. 

The new EU General Data Protection Regulation

Things are soon set to change with a new EU Regulation affecting the whole of Europe – the EU General Data Protection Regulation (GDPR). Discussions started in 2014 and were delayed twice until 2016, and now it looks to be ready for EU parliamentary agreement later this year, after which businesses have to start changing the way they manage their own and their customers’ data disposal. 

So what is the GDPR?

Quite simply the new legal framework requires data controllers to comply with requests for erasure of personal data and have proof of this erasure. It is leagues ahead of the old framework brought into UK legislation by the Information Commissioner’s Office (ICO) in 1998, and starts to reflect the globalised modern business environment that we all operate in at work and home. 

It affects ‘personal data’ which is defined as any information relating to an individual. This includes data such as a name, photo, email address, bank details, social media posts, medical information or a computer’s IP address.

Secure data destruction

So far, there are only a few companies in the UK providing secure data disposal services. Those who do have the systems, processes and services to qualify and maintain ADISA certification which is recognised as one of the best available and aligns well to the new requirements. 

ecosurety has been working with many of them already to enable the re-use, treatment and recycling of our own, and our members, WEEE. We profiled one of our partners, SHP Ltd, who we launched an asset disposal service with earlier this year

ecosurety will be running a webinar on secure data destruction to bring you up to speed on the new standard when it is released later this year – watch this space! From publication of the regulations, businesses have the usual 24 months to implement the contractors internal processes and training to demonstrate they meet the new requirements, so it will be important to perform internal due diligence against the new standards. 

In the meantime, if your business wants to get ahead and make sure your data destruction is completed to ADISA standard treatment, you can contact Greg Challis from our asset disposal team on gchallis@ecosurety.com or call 0845 094 2228

Robbie Staniforth

Policy manager

As policy manager, Robbie is responsible for liaising with government, regulators and industry organisations to represent our members’ views and interests. In previous roles, he helped to instigate market-based change and he brings that dynamism to his current role of influencing regulatory change. With years of experience working across a number of departments at Ecosurety, it’s fair to say he has an excellent understanding of producer compliance and recycling, which enables him to provide high-level policy expertise, industry insight and market analysis to our members.

Written by Robbie Staniforth Published 18/04/2016 Topics Compliance

Useful links

Ecosurety joins OPRL as first compliance scheme member

Ecosurety has become the first compliance scheme to sign up to OPRL, enabling it to more effectively support members of both schemes.


Extended Producer Responsibility: what is required for success?

Ecosurety policy manager, Robbie Staniforth, spoke at the All Party Parliamentary Sustainable Resource Group at Portcullis House in Westminster, as part of a discussion under the title of 'The Future of Extended Producer Responsibility (EPR)'.


Environmental Audit Committee pushes for post-Brexit Environmental Enforcement Plan

What is in store for post-Brexit environmental auditing and enforcement has yet to be decided.


Get in touch