The EU General Data Protection Regulation The Impact on IT Asset Disposal
Who are Greenworld David Aitken FCCA Managing Director Europe s leading ON-SITE data destruction and redundant IT equipment disposal company Over 25 years worldwide, military background, management expertise First UK company accredited to:- ISO 27001 : 2013 Information Security ISO 14001 - Environmental ISO 9001 Quality BS OHSAS 18001 Health & Safety
Our Service Greenworld specialise in Secure On-Site Data Destruction to Military Standards and ethical, environmental re-marketing or recycling of end of life IT equipment Europe's Class Leading Service Eliminates the substantial risks associated with Data Loss on redundant asset disposal Eliminates the Substantial Environmental Risks Associated with Redundant Asset Disposal Uses Ethical and Environmentally friendly disposal methodologies
Our Clients
The Risks What's Changed? New European Data Protection Regulations Fines - 20m Euros or 4% of Global Turnover Level Playing Field Public/Private European Enforcement Loss of client and public confidence Loss of customer confidence Share price drop FCA fines WEEE legislation Criminal prosecution and unlimited fines Extensive adverse Corporate Social Responsibility exposure
Recent Disasters DATA - BEFORE new European Regulations Nationwide fined 980K plus class action Surrey NHS fined 325K Sussex Police fined 200K WEEE before new European Regulations Original 2006 Revised 2014 - Prosecutions taking up to 5 years Recycler fined 112k and Directors face 18 months imprisonment NHS Killing Children in Ghana Terra Blight Toxic dumping killing children in Africa
Ongoing Disasters - Terra Blight Dumping WEEE on toxic dumps in Africa destroying the environment and killing children through pollution
Data Destruction
Data Destruction A Disaster Waiting To Happen
Data Destruction - The Issues New IT equipment is SEXY, Redundant Equipment is forgotten Majority of Disposal Companies generalists NOT Specialists Off Site Data Destruction Huge Uninsurable Risk Few specialists but expertise & focus is equipment resale and OFF-SITE data destruction No specially trained ON-SITE Data Destruction Teams, limited/no security vetting and use of agency staff Asset registers are rarely 100% accurate If you don t know 100% the assets that you have,how can you prove you have destroyed the data on them upon disposal? - Technically Data Loss Unapproved methods of data destruction Data is recoverable Technology & Equipment continually changing - Obsolete methods of data destruction Data is recoverable
Data Destruction The Essentials Specialist 100% ON-SITE data destruction ONLY All Data Destruction MUST be completed in front of the Client - Your Data can NEVER leaves your premises All ON-SITE data destruction teams must have have police SC clearance or similar Complete Integrity - Nigeria pay 10 each for consumers details Complete On-Site Asset Reconciliation/Signover with Hard Drive Check ALL Data Destruction MUST be completed ON-SITE to Military Standards All destruction equipment, software and methodologies MUST be continually updated for emerging and advancing technologies Data Destruction MUST be certified, auditable and insured to a minimum of 5m against Data Recovery Zero Tolerance to Data Loss Must be employed
Data Destruction - Asset Types Just Hard Drives? NO Certified ON-SITE Data Destruction to Military Standards on ALL Data Assets Including : Servers Systems PC & Mac Laptops & Tablets Hard Drives Traditional & Solid State Tapes Server Back up, Video Floppy Discs Mobile Phones, Smart Phones & PDA s USB Sticks Optical Media DVD s & CD s
WEEE Disposal
WEEE Disposal - The Issues WEEE world s largest growing waste stream contains extremely harmful chemicals that pollute the environment WEEE equipment dumped on toxic dumps in Africa and Asia Destroying the environment Killing children exposed to the toxins mining metals by hand WEEE legislation enforces the correct environmentally friendly disposal of WEEE but only applies to Europe Dumping WEEE Outside of the US and Europe is wide scale,very lucrative and simple - Acquiring a Waste Carriers Licence is easy Prosecution for a WEEE breach is made throughout the disposal chain including the client Easy to trace through client markings Client MUST prove correct due diligence within the disposal process and complete traceability of all assets to avoid prosecution
WEEE Disposal - The Essentials MUST be ISO 14001 and 9001 Accredited Close links with the Environment Agency MUST have complete On-Site Asset Reconciliation Assets MUST be tracked individually through all stages of their complete disposal lifecycle from On-Site signover to ultimate disposal ESSENTIAL - Complete debranding of all equipment removing all client markings All equipment MUST be fully tested & categorised Remarket or Recycle Ethical Equipment Remarketing HAS to be supported by comprehensive procedures, market & customer knowledge Equipment MUST be recycled to strict environmental standards with UK ZERO TOLERANCE TO ASSET LOSS - ESSENTIAL
WEEE Disposal Asset Types Just Printers? NO Certified WEEE compliant fully auditable disposal to strict environmental standards including: All Data Assets All Non Data Assets Including : Printers Monitors CRT & TFT Server racks Networking equipment Power cables Keyboards/mice etc.
Systems Monitoring & Auditing
Systems Monitoring & Auditing You cannot prove total disposal compliance if your Asset Register is not 100% accurate
Systems Monitoring & Auditing The Issues Every Asset disposal MUST be reconciled to Client s Asset Management System Every Asset s Data Status MUST be reconciled to the Clients Asset Management System Every Data Asset Disposal MUST have a military standard Data Destruction certificate Every Asset Disposal MUST have complete transparent traceability through the disposal lifecycle for WEEE compliance
Monitoring & Auditing The Essentials MUST have a Secure Asset Management system to protect Clients and manage Clients Assets through the complete disposal process Secure Client portal providing:- Data On Site Asset Sign overs and Data Destruction Certification Current and pending Data Protection regulations Recent Data Disasters Environmental Recycled equipment analysis & Proprietary CO2 Savings Reporting Current and pending Environmental regulations Recent Environmental Disasters Asset Reconciliation and Management - Virtual Stockroom Virtual Stockrooms with Asset Quarantine function for discrepancies Direct Reconciliation with Data Destruction and Asset disposal Certification Asset detail export for integration with Client Asset Management System
Corporate Social Responsibility
Corporate Social Responsibility - WEEE Disposal If your not sure where your Assets have gone how can you prove they are not destroying lives and the environment?
CSR - WEEE Disposal - Terra Blight Dumping WEEE on toxic dumps in Africa destroying the Environment and killing children through pollution
CSR - WEEE Disposal Remarketing & Recycling Remarketing Environmentally - the best option New Asset not being manufactured & no recycling energy usage Significant Carbon footprint reduction Tonnes of CO2 saved 90% equipment remarketed Ethically the best option Provides low cost quality IT equipment Commercially - the best option Significant revenue returned to client Secure Remarketing Only deal with trusted end-users - never brokers Recycling If cannot be remarketed recycle to strict environmental standards - ISO 9001/14001 0% landfill Fully recycle within the UK and fully auditable Exceeds all WEEE Legislation
Asset Disposal Commercials
Asset Disposal Commercials The COST of disposal is irrelevant if the RISK is not totally eradicated
Asset Disposal Commercials RISKS New European Data Protection Regulation Fines - 4% of Global Turnover or 20m Euros WEEE legislation Revised 2014 Criminal prosecution and unlimited fines COMMERCIALS If redundant equipment is - 5 years old the disposal should be Cost Neutral 3 or 4 years old the disposal should be Net Revenue
Thank you Q & A