1. Scope
This procedure covers all situations involving the disposal of removable storage media. Purple Frog Asset Management Limited must ensure that all removable storage media are cleaned before being disposed of. This policy covers Purple Frog Asset Management Limited and all its subsidiaries.
2. Responsibilities
It is the responsibility of Purple Frog Asset Management Limited’s Branch Managers to manage the secure disposal of all storage media that is no longer required, within branch, according to this procedure. Each Branch Manager will do this with reference to the company’s data controller. Each Branch Manager is also the owner of the relationship with the approved third-party contractor who removes shredded documents.
All owners of removable storage media are responsible for disposing of removable storage media according to this procedure.
3. Procedure
1. Hard disks must be formatted and cleaned of all data and software before being reused or disposed of
2. The secure disposal of disposable storage media as well as the disposal of all data processing equipment is the responsibility of individual Branch Managers, in association with the data controller
3. The data controller will keep a log demonstrating what media has been destroyed or disposed of, when and by whom. This is kept in the GDPR Compliance folder
4. Hard disks must be cleaned and verified by taking the following steps:
a. Can only be carried out by a senior member of staff (Branch Manager)
b. Confirm permission in writing from Managing Director
c. Hard drive must be cleaned using the manufacturer’s instructions
d. Completion of process must be witnessed by another member of staff
e. Once the cleaning is completed, the log book must be completed
5. Removable storage media devices that contain confidential information must be destroyed only after a risk assessment has been carried out and must never be reused
6. Removable storage media devices that contain confidential information must be subjected to a risk assessment before they are sent for repair in order to establish whether they ought to be repaired or replaced
7. The protocol for destroying removable storage media devices prior to disposal is as follows:
a. Can only be carried out by a senior member of staff
b. Confirm permission in writing from Managing Director
c. Hard drive must be cleaned using the manufacturer’s instructions
d. Completion of process must be witnessed by another member of staff
e. Once the cleaning is completed, the log book must be filled
8. All media must be disposed of according to the legal and regulatory requirements for the disposal of computer equipment
9. Documents that contain confidential and restricted information should be shredded by their owners prior to being destroyed. Shredders are located in each branch. The shredded waste must be removed by an approved service provider.
4. Document owner
The Data Protection Officer is the owner of this policy document and must ensure that it is periodically reviewed according to the review requirements contained herein.
The latest version of this policy document dated 25th May 2018 is available to all employees of Purple Frog Asset Management Limited on the shared directory: Compliance/GDPR.
This policy document was approved by Purple Frog Asset Management Limited’s Board of Directors and is issued by the Managing Director on a version controlled basis.