The General Data Protection Regulation (GDPR) is set to come into force in just over a year's time, on 25th May 2018. GDPR is one of the most important pieces of legislation to affect companies that process personal data, and it applies whether or not data processing is your core business.
Those found to be non-compliant could face fines of up to €20 million or 4% of global annual turnover, whichever is greater. With penalties that significant, it's no surprise that organisations are already working to meet the requirements set out in the regulation.
IT Departments Faced with a Dilemma
Although your IT department should strive to ensure compliance, this raises an issue around your company's overall information security standing. You're faced with a dilemma: should you focus your efforts on achieving compliance or on reducing risk? The two are often thought of as one and the same, but it's essential to remember that meeting a compliance standard typically delivers only a minimal baseline of protection. To really reduce your risk profile, you need to look beyond compliance standards.
One example of how you can leave your organisation vulnerable despite achieving compliance is the handling of end-of-life IT assets. IT managers are focused on the security of live equipment, but as soon as it's retired, the security of that redundant equipment is put on the back burner. One reason companies take this approach is WEEE regulation, which isn't actually about IT security at all but about the environmentally responsible disposal of electronic equipment. The principle itself is sound, but redundant IT is treated as simple electrical waste, with little consideration for the risk of a data breach. The practical point is that a retired server or laptop still holds every record it ever stored: deleting files or reformatting a drive does not remove the data, so each storage device needs verified erasure or physical destruction before it leaves your control.
Prioritise Risk Reduction
When it comes to investing in security processes, organisations need to prioritise reducing risk and then adopt the compliance frameworks that benefit their business. A risk-reduction strategy will usually already include the best-practice controls that accreditation requires, so this approach can actually ease a company through an accreditation process.
Working with an accredited IT disposal company can eliminate the risk of data leaks, thereby preventing exposure to potentially crippling GDPR fines. AMI are the only Irish company accredited to the Asset Disposal & Information Security Alliance (ADISA) IT disposal standard. We utilise the most advanced processes and equipment, including Blancco data erasure software, to guarantee complete data destruction. Whichever provider you use, ask for a per-asset erasure or destruction certificate that records the device serial number and the method applied, so you can evidence what happened to the data if a regulator ever asks.