GDPR – How to deal with end of life data storage devices

What to do with the old devices? How to deal with them?

  • 17 October 2017
  • Author: Liam Phelan
  • Number of views: 3374

GDPR – How to deal with end of life data storage devices

With the fast approaching deadline of the new GDPR regulation, more and more questions are being asked. Despite the uncertainty of the moment, one thing needs to happen, we must change the way that we look at our data from a company perspective and from a consumer point of view. Most of the talks about the GDPR tend to concentrate on the devices and data that are in use in now. Another crucial point is the end of data storage devices. What to do with the old devices? How to deal with them?

The GDPR coalition recently published a guide orientating companies how to deal with this future issue. Here we summarised the main highlights.

Step 1 - Equipment at risk

Which kind of equipment might be in this category? Hard drives, solid drives, smartphones, tablets, USB drivers and electronic security badges. All equipment must be treated carefully once they are not in use anymore.

Step 2 – Time to review the risk

The action to be taken now is to assess your/clients’ current disposal policy and audit across the company as to what happens to end of life data storage equipment today.

Step 3 – Cloud included

All data counts, even if is no allocated in your company, you are responsible for it. If the data is stored on cloud services, you need to find out what disposal processes your/client’s service provider adheres to for their end of life server hard drives.

Step 4 – Destroy effectively

The only and safest way of ensuring 100% of your data is destroyed is to physically shred or disintegrate devices down to EU DIN security level standards.

Step 5 – Solution options

A destruction process can be carried out internally by using specialist shredding equipment, depending on the amount and frequency of data that you need to destroy. You can also hire an approved third-party data destruction company to do it for you.
Last, but not least

You must ensure that the ‘chain of custody’ of your data is not compromised by failing to control fully the data destruction process.

GDPR end of life storage devices guide

Preparation is key

With these new rules coming into place in May next year, companies need to be prepared to hit the ground running. New Horizons Ireland has the training courses needed to get your staff in a position of confidence in relation to the new regulations.

GDPR Certifications

Certified Information Privacy Professional


The “what” of privacy, and why you need it.

  • Legal
  • Compliance
  • Information Management
  • Data Governance
  • Human Resources

Duration: 2 days


  • Exam
  • IAPP membership
  • Official training

View outline

Certified Information Privacy Manager


The “how” of privacy operations, and why you need it.

  • Risk Management
  • Privacy Operations
  • Accountability
  • Audit
  • Privacy Analytics

Duration: 2 days


  • Exam
  • IAPP membership
  • Official training

View outline

Certified Information Privacy Technologist


The “how” of privacy and technology, and why you need it.

  • Information Technology
  • Information Security
  • Software Engineering
  • Privacy by Design 

Duration: 2 days


  • Exam
  • IAPP membership
  • Official training

View outline

Other Popular GDPR courses

The GDPR Primer for Data Protection Officers
2 Days

  • The social, historical and legal background leading to the general data protection regulation (GDPR)
  • Principle one: the criteria governing fair, open and transparent processing of personal data
  • The role of the data protection officer (DPO)
  • The remedies, liabilities and penalties available under the gdpr
  • Provisions for specific processing situations
  • Preparing for implementation of the GDPR

Outline and course dates

Watch our webinar

GDPR, IAPP Training and Certification: What you haven’t heard, and why you need to hear it before May 25th 2018

DATE:  02/15/2018

TIME:  5:00 am PST / 8:00 am EST / 1:00 pm GMT

PRESENTER:  Paul Jordan, Managing Director, Europe - IAPP

Most know that GDPR is taking effect on May 25th 2018 which requires organizations to prepare technology, processes and people towards gaining compliance. Due to this EU regulation there has been a recent surge of training solutions that have become available in the marketplace. Unfortunately many make claims that their training will make your organization GDPR compliant which is not possible. To help decipher how to best prepare your organization for GDPR compliance, we have enlisted the help of the world’s largest data privacy certification and membership organization, International Association of Privacy Professionals (IAPP). Paul Jordan, Managing Director – Europe IAPP, will provide clarity on why privacy and security sit on opposite sides of the front door to an organization, and how GDPR will impact organizations, people, technology and processes all over the world. Mr. Jordan will also will explain how IAPP’s ISO certified training, certifications and membership sets itself apart from other solutions. Do not miss this exceptional opportunity to hear the latest from Mr. Jordan while having the opportunity to ask questions how best to prepare your organization for GDPR and longer term data privacy needs.

Watch Now

Subscribe for more!

Never miss another free webinar. Get all the latest cheat sheets. Be informed about our complimentary training. Subscribe to our Newsletter now and and never miss out again!

Subscribe now

Please login or register to post comments.

Theme picker



Subscribe to our Newsletter

cheat sheet resources

Subscribe to our Newsletter for all the latest cheat sheets and resources.