IT equipment disposal is often treated as a straightforward operational task. However, studies consistently show that discarded hardware frequently still contains recoverable information. Research by the University of Hertfordshire’s Cyber Security Centre found that 65% of second-hand memory cards held recoverable data.
The General Data Protection Regulation (GDPR) sets clear legal requirements for how organisations handle personal data. Organisations are expected to take reasonable steps to delete data when it is no longer accurate or required, and to protect both the data and the equipment used to store it against unauthorised access throughout its lifecycle.