54% of educational institutions have not wiped old ICT equipment of data
Failing to wipe data from redundant IT equipment before disposal could lead to a risk of penalties under GDPR
Despite GDPR legislation having come into effect over four months ago, the majority of UK educational organisations are now risking penalties by failing to adhere to some of the rules.
According to a survey of 1,002 UK workers in full or part-time employment, carried out by Probrand.co.uk, the majority (54%) of organisations in the education sector failed to wipe the data from IT equipment they disposed of in the two months following GDPR.
This news is perhaps less surprising given the research also found that 78% of educational organisations surveyed do not have an official process or protocol for disposing of obsolete IT equipment.
What’s more, 59% of workers in the education sector admit they wouldn’t even know who to approach within their company in order to correctly dispose of old or unusable equipment.
Worryingly, according to the data, educational organisations are one of the industries most guilty of this.
It is clear that more needs to be done to ensure that all businesses and organisations have a disposal procedure in place to avoid inadvertently leaking sensitive data.
– Matt Coyle, Probrand.co.uk
The top 5 industries with the worst records for clearing the memory off IT equipment before disposal in the months following GDPR were: transportation (72%), sales and marketing (62%), manufacturing (59%), utilities (58%) and retail (57%).
Matt Royle, Marketing Director at Probrand.co.uk commented: “Given the amount of publicity around GDPR it is arguably impossible to be unaware or misunderstand the basics of what is required for compliance. So, it is startling to discover just how many businesses are failing to both implement and follow some of the simplest data protection practices.”
“This is especially startling to see from organisations within the education sector, where sensitive information is handled all the time.”
“The fines involved in a GDPR breach can potentially run into the millions – and what appear to be less tangible impactors, like reputational damage, customer trust and loyalty, will ultimately become financially significant.”
“Given these findings, it is clear that more needs to be done to ensure that all businesses and organisations have a disposal procedure in place to avoid inadvertently leaking sensitive data.”
The top 10 industries which are most guilty of not clearing the memory of IT equipment before it is disposed of:
1. Transportation – 72%
2. Sales and marketing – 62%
3. Manufacturing – 59%
4. Utilities – 58%
5. Retail – 57%
6. Education – 54%
7. Leisure and travel – 49%
8. Healthcare and hospitality – 45%
9. Trades / administration – 44%
10. Information and communication – 39%