New data protection regulations are currently being brought into effect by the European Commission, and with cybercrime ever high on the list of threats to the UK, data protection is, as always, of great importance to Computer Aid and our donors.
There are some standout changes to the Data Protection Regulation that are imperative to us, which are summarised below:
Fines for noncompliance can be as high as €100m or 5 percent of global revenue (whichever is higher). This is in contrast to the current maximum £500,000 fine in the UK. This illustrates just how seriously data breaches are to be taken, and the great deal of responsibility for companies that comes with data storage.
Users can demand that their data be completely erased at any time. This includes data held on multiple systems, covering any syncing procedures that may be in place, and local copies. Companies must therefore also ensure that machines at the end of their life, or being moved out of the company, are fully data wiped, so that when a user requests that their data be erased, it is fully erased and does not remain on equipment that has since left the company.
Furthermore, it is the data holder’s responsibility to inform users of their rights, increasing the likelihood that users will request that their data be destroyed.
Data processors, as well as owners, will be responsible for protection.
All parties that come into contact with data will be responsible for data protection, regardless of whether they are the owner of that content or not. This means third-party companies do not avoid responsibility, and companies who use third parties have a responsibility to check that they are compliant.
Tighter rules covering parties outside of the EU
Regardless of whether Britain leaves the EU, or what relationship there will be with the EU post-exit, there is no way of avoiding these tightened regulations. Rather than being controlled geographically, the rules surround data on EU citizens. This means that no matter the location of the company, third parties, or physical servers and hard drives, if the data is on an EU citizen, then it must comply.
We have always seen data protection to be of the utmost importance to ourselves, our donors, and of course the individuals whose data we may be handling. Thus we have always provided a complete data erasure service through Blancco as well as all the WEEE regulated documentation. Our new partnership with Tier 1 only strengthens our data security capabilities, and will further ensure compliance with the new data protection regulation. For example, we will now be able to provide on-site asset scanning and secure transportation of hardware, meaning that all vehicles used to transport equipment will be geo-tracked from the donor site to the Tier 1 refurbishment facility. Additionally, we will be able to provide asset tracking, delivering a detailed report containing all information regarding each asset donated, i.e. serial number, hard drive etc., and inform donors within a month of what will be reused or recycled from the equipment that has been donated.
Tier 1 also has a robust and safe data-wiping process, and holds strong, socially responsible values that closely match those of Computer Aid. Working together we will be able to recycle and refurbish machines in a more secure manner, fully compliant with the data protection regulations. This will provide people with greater confidence in data protection, encouraging more people to donate their machines for end-of-life service, which will enable us to bring IT to even more people and communities that require them.