Deleting Personal Data - Data Protection Act / GDPR
The Data Protection Act 1998 (the DPA) is based around eight principles of good information handling. These give individuals and businesses specific rights in relation to their personal information and place certain obligations on those organisations that are responsible for processing it.
An overview of the main provisions of the DPA can be found in The Guide to Data Protection on the ico.org website. CPR Computers are registered with the ICO (A8267121) and the way in which we handle data is registered with and governed by The Information Comissioners Office.
This pages represents the policy for CPR Computer Recycling.
This page explains what we to do to make sure we comply with the DPA (soon to be GDPR) when we destroy personal data.
What the DPA says
The DPA does not define 'delete' or 'deletion' - but a plain English interpretation implies 'destruction'. In the days of paper records it was relatively easy to say whether information had been deleted or not, for example through incineration.
The situation can be less certain with electronic storage, where information that has been 'deleted' may still exist, in some form or another, within an organisation's systems. The deletion of personal data is an important activity in data protection, given the fifth data protection principle's requirement that "personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes".
CPR Computer Recycling Policy
In all cases, CPR do not copy or retain or even view any data found on any media received.
All Computer Hard Drives, NAS Drives, Flash Drives and Optical media such as CD's and DVD's are securely wiped through a triple layer formatting and rewriting process to British HMG IS5 Enhanced Infosec Standards upon receipt.
Once the data has been wiped, manual security scans are carried out on all media so as to ensure that no data, hidden or otherwise, can be retrieved.
In the case of Personal Computer hard drives, these are then re-mounted and re-installed with the Manufacturers factory based operating system which completes a further hard drive format prior to installation.
A downloadable PDF version of this document can be found here
Our full GDPR Policy Documents can be downloaded here