Businesses risk penalties by not wiping data from old equipment
New research from IT procurement company Probrand shows that 68 percent of UK businesses have failed to wipe the data from IT equipment before disposal, leaving them open to fines under GDPR if data is exposed.
In addition 70 percent admit to not having an official process or protocol for disposing of obsolete IT equipment.
What's more, even four months after GDPR came into effect, 66 percent of workers admit they wouldn't know who to approach in their company in order to correctly dispose of old or unusable equipment.
Matt Royle, marketing director at Probrand says:
Given the amount of publicity around GDPR it is arguably impossible to be unaware or misunderstand the basics of what is required for compliance. So, it is startling to discover just how many businesses are failing to both implement and follow some of the simplest data protection practices.
The fines involved in a GDPR breach can potentially run into the millions -- and what appear to be less tangible impactors, like reputational damage, customer trust and loyalty, will ultimately become financially significant.
Given these findings, it is clear that more needs to be done to ensure that all businesses have a disposal procedure in place to avoid inadvertently leaking sensitive data.
Transportation businesses -- many of which will have customer and client addresses and contact information on their systems -- are the most guilty of not properly wiping systems, with 72 percent failing to do so. Sales and marketing organizations come next on 62 percent, with manufacturing (59 percent), utilities (58 percent) and retail (57 percent). Information and communication businesses have the best record but 39 percent are still failing to clean up their old kit properly.