Media Destruction and Privacy Law Compliance

New standards for the General Data Protection Regulation (GDPR) went into effect on May 25, 2018. They affect any EU business that collects data from customers. One of the key factors in the new standards is that companies must take a strict approach to ensuring personal data is deleted when it no longer needs to be stored for the purpose for which it was collected. GDPR non-compliance penalties are substantial: up to €20 million or 4 percent of annual turnover (whichever is greater). In this blog, we share our best practices for making sure your media destruction practices comply with the GDPR requirements.

Appoint a Data Protection Officer

Under the new GDPR requirements, certain organisations must appoint a Data Protection Officer (DPO) to monitor compliance. The Information Commissioner’s Office (ICO) has created an online tool to help your organisation determine if it needs a DPO. Your DPO should manage all of your organisation’s data protection practices, including media destruction.

Document Your Media Destruction Practices

Your employees should understand the new GDPR standards and non-compliance penalties. Update your data destruction policy and give it to your staff. Keep a record of your company’s final disposition practices. A secure destruction service verifies GDPR compliance with a Certificate of Destruction, which records the date and time of media destruction.

Move Beyond Erasure

Media erasure is not a substitute for media destruction, since thieves can use available technology to recover data from “erased” hard drives and data tapes. Destruction is the most reliable method for rendering data irrecoverable. A true media destruction service shreds your devices into tiny pieces, making it impossible to recover confidential personal data.

Destroy Promptly

The longer you wait to destroy your data, the greater the risk of a privacy breach that leads to GDPR non-compliance. A secure destruction service promptly destroys your expired media. Locked containers are placed throughout your office. When a tape or hard drive is no longer needed, you place it in the container. Then, on a weekly, fortnightly or monthly basis, the containers are emptied, and your media is destroyed.

Implement these best practices to ensure your organisation destroys its media according to the GDPR standards.

Archive Document Data Storage (ADDS) provides IT and media destruction services for businesses throughout London, Bristol, Bath, and Swindon. For more information, please contact us by phone or complete the form on this page.

Natasha Rawley The File Queen: Expert in Record & Information Management, LPM Columnist.
