You may not realise it, but when electronic equipment comes to the end of it’s life, there are local laws which govern how it must
be disposed of. Modern electronics contain a mix of elements, many of which are environmentally damaging which means that, should they disposed of in normal waste, can pose a severe pollution risk. In Europe this disposal is covered by the Waste of electrical and electronic equipment (WEEE) directive. In addition to the environmental impact, many pieces of equipment hold valuable data, such as customer records, and require careful wiping before they are disposed of.
Unfortunately, many organisations ignore these regulations and dispose of electronic waste in the same way as they dispose of general waste which means they face fines of up to £5,000 under the WEEE directive and between €10 million to 4% of their organisations global annual turnover under the General Data Protection Regulation (GDPR). So how do you avoid fines for pollution and data loss?
Keep an accurate inventory
An accurate inventory of equipment is an important asset for any organisation. Not only does it allow you to to make strategic decisions on spending and provides information on the nett worth of the business, but it also allows you to know where equipment is, who is responsible for it and when equipment is likely to come to the end of it’s operational life. With this information, it is possible to judge what needs to be disposed of and recall the equipment so that it can be correctly disposed of.
Create robust procedures
Creating and writing up procedures can be a time consuming process, but they are very important. Robust procedures help ensure that equipment is disposed of properly, prevents mistakes and act as a reference for staff so they know exactly what should be done. You should also reference other procedures for data loss prevention and accidental breaches.
Communicate the requirements to staff
Depending on the size of your organisation, preventing the unauthorised disposal of equipment by staff can be quite difficult. Ensure that the requirements and procedures are properly communicated to staff so that they understand what they have to do when an item of electronic equipment needs to be disposed of.
Dispose of data on equipment correctly
Computers, mobile phones, tablets and even networking equipment hold considerable amounts of information on your organisation. You may have a legal duty to ensure that some of this data is not released while other information may provide an insight to anyone planning hacks or cyber attacks. Make sure that any equipment is wiped to the required standard and you have a certified disposal report to prove that the data has been wiped correctly.
Dispose of equipment via an approved disposal method
The disposal of equipment must be carried out at an approved disposal centre. For most organisations, this will be a commercial company who specialises in the legal disposal of equipment. Ensure that you have a record of disposal (to go with your records of ownership and purchase) to prove that the equipment was disposed of legally.
Although it can be tempting to “throw it in the bin”, dealing with electrical waste requires special consideration. Both environmental and data protection laws are stringent in their requirements and hefty fines can be levied for non-compliance.
Although some of the work can be done in-house, if you have the right skills, the most cost effective solution is to employ a specialist contractor to handle the waste and get professional help with the policies and procedures needed to keep your organisation protected. In both cases, IXCG is able to assist by providing consultancy and training to ensure that staff know what to do and a range of data disposal solutions to help organisations to stay compliant.