Is the GDPR negatively impacting on the circular economy?


Eight months since the GDPR came into force in May 2018, the world hasn’t collapsed, and the sun did come up this morning. The regulation is generally accepted as a good thing, although it is a cause of a certain amount of anxiety for Data Controllers and Data Processors.


“What is the difference between a data processor and a data controller?
A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.” https://eugdpr.org/the-regulation/gdpr-faqs/

With the penalties for breaches of the GDPR being potentially disastrous for organisations who take compliance seriously, a certain amount of “overkill” is to be expected until things settle down and GDPR compliance becomes part of normal business process.

This is where the GDPR and the Circular Economy interact. With global data storage growing exponentially, swapping out hard drives for ever bigger and faster units produces larger and larger amounts of used hard drives containing sensitive data that needs to be destroyed. The best way to guarantee destruction is to have a hard drive shredder on site, with the shredded residue going for metals recovery. This, in itself, is fine, as the separated materials recovery rate for reuse is over 90%.

The problem is that many of the hard drives destroyed have capacities of 1, 2, 3, 4 Terabyte+ and, if properly wiped and remastered, have considerable life left for use in secondary markets. I have not been able to find any information about the carbon footprint of producing a new 4 TB hard drive, but we can be certain that it is considerably higher than the cost of wiping and remastering an existing reusable hard drive.

GDPR Compliant Data Destruction

Here at Electronic Recycling we can provide all of the data destruction services mentioned above. We can put a mobile shredder on site for large quantities of hard drives (30+). For smaller quantities we can securely collect drives for immediate delivery and shredding at our facility in Finglas. Alternatively, using our Proteus system by Teleplan, we can absolutely securely test, wipe and soft repair drives for reuse, either on your site for larger quantities or at our facility in Finglas. Any drives that fail the Proteus tests are shredded in the normal way.

Revenues generated are shared with the client, turning a cost of destruction into a revenue generator and at the same time contributing to the circular economy, the best of both worlds.

If you have responsibility for data destruction, talk to us, we take that responsibility seriously.


GDPR Protection of Personal Data from 25th May 2018

General Data Protection Regulations, GDPR


On May 25th the EU General Data Protection Regulation (GDPR) will come directly into force across the EU. This is a “Regulation”, so it does not need individual Member State transposition into national laws; it applies automatically and immediately.



The aim of the regulation
It allows European Union (EU) citizens to better control their personal data. It also modernises and unifies rules allowing businesses to reduce red tape and to benefit from greater consumer trust.

The general data protection regulation (GDPR) is part of the EU data protection reform package, along with the data protection directive for police and criminal justice authorities.

Key Points

Citizens’ rights
The GDPR strengthens existing rights, provides for new rights and gives citizens more control over their personal data. These include:

Easier access to their data
including providing more information on how that data is processed and ensuring that that information is available in a clear and understandable way;

A new right to data portability
making it easier to transmit personal data between service providers;

A clearer right to erasure (‘right to be forgotten’)
when an individual no longer wants their data processed and there is no legitimate reason to keep it, the data will be deleted;

Right to know when their personal data has been hacked
Companies and organisations will have to inform individuals promptly of serious data breaches. They will also have to notify the relevant data protection supervisory authority.

Rules for businesses

The GDPR is designed to create business opportunities and stimulate innovation through a number of steps including:

A single set of EU-wide rules
a single EU-wide law for data protection is estimated to make savings of €2.3 billion per year;

A data protection officer
responsible for data protection, will be designated by public authorities and by businesses which process data on a large scale;

One-stop-shop
businesses only have to deal with one single supervisory authority (in the EU country in which they are mainly based);

EU rules for non-EU companies
companies based outside the EU must apply the same rules when offering services or goods, or monitoring behaviour of individuals within the EU;

Innovation-friendly rules
a guarantee that data protection safeguards are built into products and services from the earliest stage of development (data protection by design and by default);

Privacy-friendly techniques
such as pseudonymising (when identifying fields within a data record are replaced by one or more artificial identifiers) and encryption (when data is coded in such a way that only authorised parties can read it);

Removal of notifications
The new data protection rules will scrap most notification obligations and the costs associated with these. One of the aims of the data protection regulation is to remove obstacles to free flow of personal data within the EU. This will make it easier for businesses to expand;

Impact assessments
Businesses will have to carry out impact assessments when data processing may result in a high risk for the rights and freedoms of individuals;

Record-keeping
SMEs are not required to keep records of processing activities, unless the processing is regular or likely to result in a risk to the rights and freedoms of the person whose data is being processed.


*************************************

Data security under the GDPR does not end when you are no longer using the storage media that contains the data. It is important to make certain that your GDPR implementation strategy includes a process for dealing with end-of-life data storage media.

This is where Electronic Recycling can help. We have been managing secure data destruction since 2009; check out our Data Destruction page.

If you have responsibility for the GDPR implementation, give us a shout, we take that responsibility seriously.

Reference: EUR-Lex, Access to European Law 
