Following the GDPR and Data Protection Act 2018, businesses of all sizes are now legally required to dispose of all personal and confidential information. With regulations in place that ensure the proper and responsible management of sensitive information within businesses, it is required for personal data to be retained in a safe and secure manner, and for it to not be held longer than is necessary.
Mistreated data can not only lead to compromised business assets but may now also result in a financial penalty, so it is vital for businesses to destroy data that is no longer required in a thorough and efficient manner. If you’re unsure of where to start when it comes to the disposal of data, the experts from Syntax IT Support are here to help.
- Data disposal policy
As a business with a legal responsibility to securely retain and then dispose of sensitive data, you should have a structured policy for this set up within the company. All employees who handle or store company or customer data should be educated to understand data protection laws, as well as the risks of not following these laws and how they can implement them in the workplace. A designated data disposal system should be put in place to safely store the data then flag when it is ready for deletion.
- Overwriting data
Electronic copies of sensitive data that may be stored on your company’s IT network need to be erased using the proper methods. For example, simply deleting a file on your desktop hard drive does not fully erase it, removing a link to the file only. These files need to be overwritten multiple times until the data within them is unrecoverable.
There are a number of legitimate software tools available that can completely delete files and their residing data from hard drives. For information files stored on disks and flash drives however, the deletion technique is a little more complex. When deleting these types of file, you’ll need to look for the manufacturer’s delete utilities, which are specific to the brand of drive you are handling.
- Destruction of hard drives
It may be the case that the drive you have been using is no longer required for reuse, or that the data which it currently holds is too important and you would feel more comfortable if it were to be completely destroyed. The are multiple inexpensive methods which can be used to render the hard drive unusable, such as crushing or high powered shredding. However, while the data upon the drive would become very hard to retrieve, the information contained would still be intact. A more thorough way to manage the destruction of a business hard drive would be degaussing, which uses a magnetic field to completely wipe important data at a much more effective level than simply overwriting.
- Paper-based data and hard copies
Any hard copies of personal information require just as much attention as electronic data, and it is your responsibility as a business to destroy all hard copies of data that is no longer of use. Shredding of material can sufficiently render data erased, but ideally, following shredding the paper should also be incinerated.
- Outsourcing data management
If you feel ill equipped to destroy data in the appropriate manner yourself, it may bring you peace of mind to outsource your data disposal. There are many reputable companies who can help with the destruction of sensitive data, but when considering this as an option, it’s important to do your research. Be sure to check how the service will transport and handle the data files, what methods they will use for the destruction of the data and that they are compliant with all legal regulations.