The General Data Protection Regulation – are you disposing of your data correctly?

We spend millions as a country on security, but there is often not enough consideration to our data disposal.

To break it down there are three areas that can be protected:

1.  Physical threats: locks, doors and CCTV cameras to protect your hardware.
2.  Cyber threats: internet security, antivirus and firewalls to protect your systems over
      the internet.
3.  Disposal threats: secure certified data destruction of old products containing data.

The first two have all the attention and biggest bills, but the third is not often given adequate consideration, and that undermines all the efforts and costs to physical and cyber threat reduction.

Out of sight and out of mind

We all have digital bits and pieces around our home or office that should be recycled. It’s often these items with data that end up being treated through ‘regular’ disposal routes, effectively giving away our data, or alternatively they are stored in a dusty cupboard in a distant corner of the office in fear of it getting into the wrong hands – out of sight and out of mind. 

Unsecure waste disposal can lead to data theft, impersonation and fraud that haunt modern life and the technology that we have become so heavily dependent upon. 

The new EU General Data Protection Regulation

Things are soon set to change with a new EU Regulation affecting the whole of Europe – the EU General Data Protection Regulation (GDPR). Discussions started in 2014 and were delayed twice until 2016, and now it looks to be ready for EU parliamentary agreement later this year, after which businesses have to start changing the way they manage their own and their customers’ data disposal. 

So what is the GDPR?

Quite simply the new legal framework requires data controllers to comply with requests for erasure of personal data and have proof of this erasure. It is leagues ahead of the old framework brought into UK legislation by the Information Commissioner’s Office (ICO) in 1998, and starts to reflect the globalised modern business environment that we all operate in at work and home. 

It affects ‘personal data’ which is defined as any information relating to an individual. This includes data such as a name, photo, email address, bank details, social media posts, medical information or a computer’s IP address.

Secure data destruction

So far, there are only a few companies in the UK providing secure data disposal services. Those who do have the systems, processes and services to qualify and maintain ADISA certification which is recognised as one of the best available and aligns well to the new requirements. 

ecosurety has been working with many of them already to enable the re-use, treatment and recycling of our own, and our members, WEEE. We profiled one of our partners, SHP Ltd, who we launched an asset disposal service with earlier this year

ecosurety will be running a webinar on secure data destruction to bring you up to speed on the new standard when it is released later this year – watch this space! From publication of the regulations, businesses have the usual 24 months to implement the contractors internal processes and training to demonstrate they meet the new requirements, so it will be important to perform internal due diligence against the new standards. 

In the meantime, if your business wants to get ahead and make sure your data destruction is completed to ADISA standard treatment, you can contact Greg Challis from our asset disposal team on gchallis@ecosurety.com or call 0845 094 2228

Robbie Staniforth

Head of policy

Having gained a wealth of experience in regulatory affairs, waste issues and secondary commodity market analysis, Robbie uses his skills internally as an operational board member and externally to influence legislation change as head of policy. He is responsible for liaising with government, regulators and industry organisations to articulate complex views and interests and to provide high-level policy expertise, industry insight and market analysis to our members.

Written by Robbie Staniforth Published 18/04/2016 Topics Compliance

Useful links


Defra have committed to new EPR regulations including bulky waste, tyres and building materials.


Will COVID-19 affect producer responsibility in 2020?

In an article published by Resource today, I examine the potential impact of COVID-19 on producer responsibility compliance.


What the government response to COVID-19 means for producer responsibility

In the middle of March, which seems like a lifetime ago, I wrote about the likely impacts of COVID-19 on producer responsibility.


Get in touch