With just more than a month left, companies are still rushing to become compliant with the EU’s General Data Protection Regulation (GDPR), which goes into effect May 25. However, many organizations that will be affected by the GDPR seem to only be focused on the storage of personal data when there is so much more that needs to be changed to ensure compliance. One such factor being overlooked is proper and compliant e-waste disposal. But, this could all change with the impending GDPR. IDG Connect reports that the GDPR could be the tipping point to convince organizations to deal with the growing problem of electronic waste.
Recent e-waste figures suggest there is a lack of will among enterprises to manage electronic waste. Currently, total waste is expected to rise annually to 52.2 million metric tons by 2021 globally. And with the GDPR armed with severe financial penalties (up to nearly $24.5 million USD or four percent of turnover) that will be imposed on non-compliant businesses, which will also include businesses suffering data breaches, organizations are doing all they can to find any flaws in their systems and reportings before GDPR’s implementation.
When you consider that UK telecom and broadband provider TalkTalk was fined nearly $490,000 USD and $122,000 USD, respectively, for two separate data loss incidents, that puts the GDPR policies into perspective. The NCC Group, a global expert in cyber security and risk mitigation, pointed out that under the GDPR policies, fines for these types of incidents could rise to more than $61 million USD. Coupled with the increasing amount of smartphones, tablets, laptops and hard drives – all of which contains confidential information – companies will have a difficult time managing all these devices especially as these products reach the end of their useable lives.
According to a recently published International Solid Waste Association (ISWA) research report, only 20 percent of e-waste is ‘documented to be collected and properly recycled,’ which means that the remaining 80 percent of the waste could in theory be open to abuse. This is where an e-waste issue could quickly become a GDPR issue.
“Businesses across the board are finding it almost impossible to delete data,” comments Nick Taylor, head of Accenture Security UK, to IDG Connect. “This is largely due to nervousness about losing something that could later be required for further regulation, including GDPR, or querying from clients. This is particularly prevalent in the financial sector. Further barriers to data deletion include the mammoth infrastructure challenge. Data is often stored in complex, multi-layered legacy systems.”
While organizations are increasingly becoming aware of ITAD service provider options, there still seems to be challenges for businesses to erase data correctly or in a manner that is up to standard. In particular, enterprises that lease IT equipment are running into obstacles in their race to GDPR compliance. Charles Stewardson, president of FutureDial, says that enterprises need to work with leasing companies to form policies with strict rules.
“Leasing firms need to know the value of the equipment for resale and need an efficient regulatory process in handling data,” he said. “No one wants a convoluted supply chain for e-waste because it can get very expensive.”
And when devices, legacy IT and telephony equipment in particularly, take up this much time and resource to be managed, it’s no wonder why recycling rates are so low. When there is a lack of effective device processing and regulation, most devices end up in landfills, something which is extremely harmful to the environment.
“GDPR will certain by a catalyst for enterprises tackling e-waste,” Stewardson comments. “A lot of enterprises are looking to comply and that means a knock-on effect in terms of managing devices and ensuring data is erased to an international standard.”
Despite rising global e-waste amounts, the recycled phone industry has seen significant growth in the past few years. Last year alone, sales for recycled phones were worth nearly $19.7 billion USD. Reports from Persistence Market Research predict this amount is expected to grow to $30 billion USD in the global market by 2020. Factoring in the rising cost of smartphones, it’s pretty understandable why businesses in particular are looking at the recycled market to equip their vast staff with devices.
Ultimately, it seems that the GDPR will bring about much more than just secure protection for client’s data. Armed with hefty fines and steep penalties, the GDPR could just be the necessary driving factor to push organizations to take the growing global e-waste issue more seriously.