Skip to Search Skip to Content Skip to Footer
Sims Lifecycle Services
  • Locations
  • Blog
  • Client Portal
  • Contact
  • English
    • Deutsch
Menu
  • For Data Centers
    • Overview
    • Cloud Data Center Services
    • Colocation Data Center
    • Ultimate Decommissioning Guide
    • SLS plays a key role in helping companies manage ongoing technology shifts in data centers. Our record of success includes working with businesses, data centers and major cloud companies to provide periodic decommissioning of older data center equipment.
  • For Businesses
    • Overview
    • ITAD Services
      • RFP Template for ITAD
    • IT Asset Recovery
    • Data Destruction
      • On-Site Data Destruction
      • Bulk Data Destruction Services
      • Storage Device Types
      • Data Destruction Standards
      • Vendor Selection
    • On-Premise Data Center Decommissioning
    • E-Waste Recycling
    • ITAD Reporting and Portal
    • Logistics
    • Equipment We Process
    • SLS provides secure and compliant global IT asset disposition (ITAD), e-waste recycling and data center decommissioning services for businesses. We refurbish, repair and restore materials for continued useful life. In addition to facilitating reuse of equipment, SLS also recycles discarded electronics, transforming waste to raw material. Recycling diverts material from landfill or incineration and provides a feedstock for making next generation products.
  • For Manufacturers
    • Overview
    • Returns Management
    • Refining
    • Certified Destruction
    • Defense Contractors
    • Recycling
    • Extended Producer Responsibility
    • Portal and Reports
    • Recycling Innovation
    • How Computers Are Recycled
    • We work with manufacturers to manage reverse logistics and recover value from returned equipment. We resell whole units, manage spare parts recovery and responsibly recycle obsolete equipment. We also work with manufacturers in managing their extended producer responsibility requirements.
  • Global
    • Overview
    • Compliance
      • GDPR FAQ
    • Client Sustainability
      • Sustainability Reporting
      • Circular Economy Explained
    • International Associations
    • Consumer E-Waste
    • Leading companies trust SLS to provide a globally coordinated e-waste recycling and ITAD single solution with a high focus on data security, regulatory and corporate compliance, value recovery and sustainability.
  • About Us
    • Overview
    • Certifications
    • Sustainability at Sims
    • EH&S
    • Equipment We Process
    • Careers
    • As a business division of Sims Limited, SLS has the global reach, expertise, and infrastructure necessary to ensure to our customers that all electronic devices are processed in a secure and environmentally responsible manner.
  • News
    • Blog
    • Videos
    • Resources
    • Infographics
    • Press Releases
    • Backed by a global network of IT asset disposition and e-recycling facilities, SLS is a leader in compliant disposition and recycling of electronic equipment. Stay up-to-date with our press releases, blog, newsletter, case studies, white papers, tip sheets, infographics and videos.

NEW! - HOW TO GUIDE: Template for Developing IT Asset Disposition (ITAD) RFP

Get Your Copy

IT Asset Disposition Partners Prepare for General Data Protection Regulation

Menu
  • Locations
  • Blog
  • Client Portal
  • Contact
January 13, 2018
by SLS Media

The European Union’s (EU) General Data Protection Regulation (GDPR) is understandably a topic of intense discussion and review among IT asset disposition (ITAD) professionals. Adopted in April 2016 and scheduled to come into effect in May 2018, the regulation will apply to all organisations – public and private, anywhere in the world – that handle, store or process the personal data of EU citizens.

The legal and financial ramifications of the law will be profound. Consequences of non-compliance are dire, including fines of up to €20,000,000 ($24,490,600) or 4 percent of global turnover, as well as the risk of class action lawsuits from data breach victims. Violators will also inevitably see disruption to business and damage to their reputation.

With the goal of strengthening the data protection rights of EU citizens, the GDPR also aims to clarify regulatory guidelines for international business. Still, the law looks complex and many organizations worldwide see complying with it as a challenge. But the idea at the core of the GDPR that “everyone has the right to protection of personal data concerning him or her” is one that has always been central to the ITAD industry’s best practice.

To be fully compliant with GDPR, ITAD providers must have in place both technical and organizational measures that ensure the personal data of EU citizens is completely secure. Industry accreditations can provide assurances that personal and corporate data is securely managed. ISO 27001 confirms that a company works within a suitable framework for managing data security risk, regularly reviewing and improving processes. Certifications, such as this one, are therefore useful indicators that an ITAD provider complies with critical elements of GDPR regulations.

[bctt tweet=”The broad scope of GDPR seems daunting, but also holds potential for great opportunity & growth for ITAD providers.” via=”no”]

ITAD providers need to ensure their internal organizational systems are up to the same unassailable standards as their technical ones. These organizational mandates will help to further mitigate the risk of a data breach and keep ITAD providers compliant with GDPR. Fortunately, some of these measures are fairly straight-forward.

Every company, regardless of size, will be required to name a Data Protection Officer (DPO) to oversee compliance with regulations. This person can be an employee or third-party provider with, “expert knowledge of data protection laws and practices” (though Member States have the option to require stricter criteria). The DPO will be responsible for training staff and conducting internal audits, as well as notifying the supervisory authorities if and when a data breach does occur. These reports must be made “without undue delay” and within 72 hours of when the breach is discovered, whether it is accidental or the result of negligence. In some instances the DPO will also be required to notify the individuals whose data was compromised.

ITAD providers will also need to give careful consideration to their cyber liability insurance coverage. Providers should have in place appropriate protection and insurance backed by a professional specialist third party incident and damage limitation support service. This is preferable to relying on potentially protracted traditional contractual redress.

The GDPR raises the threshold for obtaining data subject consent. Instead of using “opt-out” consent, individuals must now “opt-in” using “freely given, specific, informed, and unambiguous” actions. For example, customers receiving newsletters or email updates must explicitly agree to be on that distribution list. Pre-ticked boxes left untouched will no longer be considered consent.

Since the UK’s vote for “Brexit” in June, there has also been a great deal of discussion on how this will impact adoption of the GDPR here. Currently, the Government plans to implement the GDPR, as it will come into force before the UK leaves the EU. There are no plans to make changes to the regulation, though that has not been discounted in the long-term.

The broad scope of the GDPR seems daunting, but this changing landscape also holds potential for great opportunity and growth for ITAD providers. Considering the technological requirements and risk involved with data wiping, many companies and agencies will likely outsource that work to a provider with accredited operations already in place. As unnerving as the monetary fines are for big companies, they could be totally crippling to a smaller business. Because the ITAD industry is well-positioned to assure personal data security throughout Europe, we are well-positioned to comply with – and even grow from – the GDPR.

Learn more about the data destruction techniques that can help you be compliant with GDPR.

Posted in: Global ITAD Solutions, IT Asset Disposition
Previous Post Next Post

Circular Newsletter

Data Center Services

Learn More

Regions

  • Americas
  • Global
  • EMEA
  • APAC

Topics

Archives

Sims Lifecycle Services
  • Corporate Information
    • About Us
    • Certifications
    • Locations
  • Services
    • For Data Centers
    • For Businesses
    • For Electronics Manufacturers
    • Data Destruction
    • Global Services
  • Contact
    • Email
    • News
    • Blog
  • Sims Limited
    • SLS is a business division of Sims Limited. Discover how Sims Limited plays an integral role in the circular economy by making resources available for future use.
      Visit the Sims Limited Website
  • Other Business Divisions (external websites)
    • Sims Metal
    • Sims Resource Renewal

Sign up for our newsletter

  • Visit Us on Instagram (opens new window)
  • Visit Us on Facebook (opens new window)
  • Visit Us on LinkedIn (opens new window)
Copyright © 2025 Sims Lifecycle Services, All Rights Reserved.
  • Privacy Policy
  • Legal
  • Terms of Use