Free and secure IT Disposal & Data Erasure, full audit trail and 100% recycled. No landfill. No incineration.
Secure Logistics, Security Cleared Employees, Online Portal Account, and cashback potential on equipment! ALL FOR FREE!
Our Certified data erasure guarantees data is destroyed securely
We are audited by forensically to check our data erasure methods on UNANNOUNCED audits!.
Our clients come to us because they know that we can take care of the entire IT Asset management process.
Our Services include IT installation services , IT Deployment , Software Deployment services, IT Decommission Services, Data Centre Migrations, IT Disposal , Data Destruction Services and Data Shredding on site and offsite!
We can shred any data bearing media onsite and offsite down to 6mm particles!
We offer harddrive shredding , backup tape shredding, data shredding services
Features | Other ITADs | GIGACYCLE |
---|---|---|
Free Collections | ||
Comprehensive Audit Trail | ||
Licensed Waste Carrier | ||
Certified & Secure Data Destruction | ||
Own Fleet of Secure CCTV GPS Tracked Logistics | ||
Computer Security Awards Secure Data & Asset Disposal Company of the Year 2022 | ||
Staff Security Vetted to BS7858 Standards (SC Cleared) | ||
NO Third Parties / Contractors |
Your Assets are securely collected using our own satellite tracked vehicles and security vetted staff
We will itemise any asset tag every item, this is visible immediately in our online collection portal
We will securely wipe all data and remove any identifying markings on all assets
We will refurbish and repair the IT equipment
Your assets are re marketed using our specialist sales channels to obtain the highest value, You will then receive the Revenue back for the Equipment!
About Us
Summary of Services
Secure IT Disposal
Asset Management & Re-Marketing (Cash back or Value Recovery)
Certified Data Erasure
Data Destruction
IT Redeployment
GDPR Compliance
Items We Collect & Recycling Jobs Manchester Services We provide a free IT recycling collection service for free IT disposal, secure pc disposal, free recycle Manchester collections and computer recycling. Along with recycling laptops and computers we actually collect a range of other electrical equipment listed below:
Gigacycle News
How to choose the right IT Disposal & Computer Recycling provider.
Many computer hardware recycling and weee recycling companies offer the same services with little variance in quality of service. The standard collection and erasure service is usually free of charge in order to catch the large amount of business that is searching for “free weee recycling uk”, “free computer disposal” or “free computer recycling.” How can they offer it for free? The standard proposition invites free collections, erasure and recycling of I.T equipment in the hope of recouping costs through refurbishment and re-sale. Unfortunately a large portion of IT asset disposal firms undertake significant environmental and information security risks in the pursuit of higher re-sale values.Where Gigacycle differs from many of these companies is that we are regulated by strict authoring bodies to ensure any pc recycling uk services and data erasure that takes place is executed with minimal risk and minimal impact. Our regulators include the Information Commissioner’s Office, the National Cyber Security Centre, the Centre for the Protection of National Infrastructure, the Environment Agency, CIS for our ISO 9001/14001/27001 standards and the Asset Disposal and Information Security Alliance (ADISA) for the start-to-end process that covers our entire operation. If your current computer equipment disposal provider does not comply with the regulations above at the least, your company is at risk of being the subject of a major data breach.
From examples in the media we’ve all seen that a data breach can cause havoc when made public. Not only is it hazardous from a public relations and national security perspective but a data breach can now land you a 4% annual global revenue fine under the new General Data Protection Regulation. This regulation is replacing the Data Protection Act and the ICO is gearing up to heavily enforce the regulation from May 2018. As a result a lot of UK companies have either invested in GDPR compliance consulting or have denied their non-compliance and are choosing to remain reactive rather than proactive. A lot of companies are simply unaware of the implications of the GDPR.
Gigacycle offers a free collection, erasure and computer disposal UK service which makes some level of GDPR compliance available and easily accessible to all organisations. At any stage of an organisation’s compliance gap project Gigacycle can assist in fulfilling the information and asset disposal section of the GDPR.
GDPR compliance isn’t just about following the law – in our industry GDPR compliance translates directly to risk mitigation. Most organisations won’t see value past residual equipment value in recycling and having a company like Gigacycle erase your data but what Gigacycle really does is mitigate risk through offering GDPR compliance. In the case that an organisation encounters a data breach and the ICO concludes that the organisation had no service-level agreement in place to handle data erasure and old computer disposal, the organisation is wholly liable for the damages and will be fined. Not only will the organisation be fined for the data breach but also for not having the correct computer recycling and data erasure agreement in place. Unfortunately there was a case in 2013 with NHS Surrey where a fine was issued to the organisation for not having a contract in place with their computer store Manchester disposal provider. When you look into the case, NHS Surrey actually made the decision to leave an approved supplier and hand their data to a new supplier who did not offer any contract and who didn’t have the correct accreditation or even processes in place. As a result, over 3,000 patient records contained on computers that were sold on eBay by the computer disposal firm were compromised. This is a perfect example to highlight the difference between Gigacycle and other IT disposal firms, but also highlights that organisations can still be fined where due diligence is not exercised. A good IT disposal firm will recommend the correct steps to ensure full compliance and will never leave an organisation in the dark. The total fine issued to NHS Surrey was £200,000.If that organisation had an agreement in place with a company like Gigacycle, that organisation would have encountered no loss as the service-level agreement relieves that organisation of any risks and responsibility in recycling and erasure. Furthermore, that organisation would not have experienced a breach in the first place.
Through experience in this industry we can easily summarise that most organisations leave computer hardware disposal to internal staff that lack the knowledge or experience to understand the ramifications of choosing the wrong IT disposal firm or not outsourcing their recycling and erasure activities. Again, it’s an issue that the GDPR was drafted to resolve and yet most companies are unaware of what’s required.
There is a huge fiscal value in risk mitigation as exemplified by the NHS Surrey case. However, a lot of organisations still aren’t making the right decisions simply because the decision maker is usually unaware of the importance of secure computer recycling and disposal. It’s perhaps the most important part of the GDPR, one that isn’t stressed enough even though it’s a serious safety issue. Under the GDPR most public authorities, organisations that carry out large scale systematic monitoring of individuals such as market research companies, and organisations that process large amounts of sensitive information need to appoint a Data Protection Officer. This falls under the accountability principle in Article 5(2) of the GDPR that requires you to demonstrate that organisations comply with principles and states explicitly that this is the organisation’s responsibility
There are several benefits to appointing a Data Protection Officer. Specifically, the appointment of a DPO means an organisation has a dedicated member of staff to review all data processing and information handling activities. In our experience, a majority of companies assign the responsibilities of a data protection officer to a member of staff without assigning a title. As a result that member of staff lacks the due diligence to ensure data processing activities are recorded and audited. This commonly leads to decisions being made in computer disposals limited and data erasure that are severely non-compliant and introduces a high level of risk. For those companies that are not required by law to appoint a Data Protection Officer, it is still important to remain proactive and not to be complacent. Organisations still need educated and dedicated personnel to record data processing activities and ensure compliance. Currently, a lot of organisations that don’t require Data Protection Officers under the GDPR are turning to local consultancies to bulletproof their processes for the GDPR however becoming compliant and remaining compliant are two separate exercises. In relation to computer disposal and data erasure, secure IT disposal firms will enter an on-going agreement with organisations and provide periodic reminders to recycle computer parts Manchester items including laptops, hard drives etc., providing all of the relevant documentationThe value in outsourcing data erasure and computer recycling UK operations to a Data Processor like Gigacycle goes beyond the revenue generated from risk mitigation. Organisations that don’t require Data Protection Officers benefit by having their IT disposal provider looking after the entire operation and providing all relevant documentation. Documentation includes Environment Agency paperwork, data destruction certificates, audit trails of the whole process and a service-level agreement. Simply by obtaining this documentation from the provider, organisations can remain compliant without assigning additional resource to look after these activities. Hence, the value in outsourcing data erasure and computer recycling operations is found in revenue from risk mitigation as well as revenue from a saving in resource costs.
Organisations or Data Controllers are regulated by the ICO who will conduct spot checks and act on suspicion of incorrect practices. Removing responsibility and liability from the organisation (or Data Controller under the GDPR) means the provider of these data erasure and computer recycling activities should also be regulated. However, the ICO can’t be everywhere at once so how do organisations ensure their computer disposal provider is remaining compliant to the GDPR and practising secure data erasure processes? Unsurprisingly there is little being done by the UK government to produce a standard for IT disposal firms however the UK is very lucky to be host to an organisation called ADISA (The Asset Disposal and Information Security Alliance). ADISA is a regulatory body that works with the National Cyber Security Centre (NCSC) and the Ministry of Defence to bring information security standards and processes to a format that is enforceable across commercial organisations in the UK. The ADISA standard is precise, detailed heavily audited and very strict. IT disposal firms that conform to the ADISA standard have access to military and public sector tenders which is exemplary of the stringent information security requirements of the standard. These organisations undergo random site audits, forensic testing, full background checks of all staff and full physical site security and logistic security tests. This ensures that when the standard is accredited to an IT disposal firm, it is maintained at all times and not forgotten. Gigacycle hold an ADISA accreditation to a Distinction level which means their entire operation goes above and beyond the minimum information security requirements set by the ICO and the NCSC and surpasses most extraordinary requirements of other defence and high-risk organisations.
If an organisation’s provider is not accredited by ADISA, red flags should be raised as to why. There are a lot of areas where a computer recycling firm can go wrong, most commonly in human error. Standards like ADISA are unique because they set their standard to audit processes for eradicating the risk of human error. If a computer disposal organisation is not accredited by ADISA and hence not inclined to maintain a certain standard the risk of human error, processional errors and technical errors increases excessively.
Taking in to account the importance of choosing the right IT disposal firm, organisations need to ensure they are still reporting and tracking each asset and receiving reports from their computer disposal provider on each asset’s ultimate erasure and recycling. It is important to track how many items were collected the site versus how many were recorded and recycled by the disposal firm. This raises two points; asset tracking should already be part of the organisation’s I.T procedures and the computer disposal provider should provide fully transparent methods of tracking assets once the collection has been made. Although it may not seem obvious, a failure to track all I.T assets gives way to a heavy information security risk. Failure to track assets mean some assets containing personal or sensitive data can be compromised without knowledge, hence organisations may experience a breach internally even though they may already be using an approved I.T recycling firm. Keeping track of internal assets also insures organisations gain the highest return on all investments as otherwise unknown assets may become redundant and lose value that would otherwise have been recovered in recycling.
Organisations are at risk of being fined by the ICO if they are found to expose personal information to risk. Exposing personal information to risk of a data breach can come in many forms and one of those is a lack of internal asset tracking. A recent interaction with a client tells a good story about how internal asset tracking plays a large importance in reducing the risk of a data breach. This particular client had employed a new team to set up a new asset management system for their organisations assets. There was no system previously in place so over two-hundred machines were still unaccounted for after the initial site audits were carried out. These two-hundred machines could have either been sold or disposed of without record. In this case the client would face prosecution from the ICO should one of the unaccounted assets be compromised and surfaced to public knowledge in a data breach.
Another recent example of the incorrect processes adopted by organisations does not relate to I.T recycling, however it shows the importance of due diligence when dealing with personal information at all stages of the I.T life-cycle. Gloucester City Council was recently fined £100,000 by the ICO when an attacker took advantage of a weakness in the council’s website in July 2014, which led to over 30,000 emails being downloaded from council mailboxes. The emails contained financial and sensitive information about council staff. The attack exploited the ‘Heartbleed’ software flaw. Despite well publicised warnings from the ICO and the media, the council failed to repair the vulnerability in a timely manner, leaving personal information at risk and breaking data protection law. The ICO investigation found that the council did not have sufficient processes in place to ensure its systems had been updated while changes to suppliers were made.
Let us say for example, the 30,000 emails had been downloaded from a computer which was recycled incorrectly. In the most common scenario, internal staff would simply format the hard drive within the computer and would generate revenue from old equipment by selling the asset on eBay. Although the staff took the steps necessary to remove information from a drive, the erasure method holds no guarantee for complete erasure. Furthermore, the organisation had no agreement with a data processing firm like Gigacycle and was not registered as a Data Processor with the ICO. As a result, the ICO investigation would have the same result – the council would not have had sufficient processes in place to ensure personal information was not exposed to risk.
Gigacycle has the necessary certification to fully comply with the WEEE Directive, which was introduced by the government to ensure that UK businesses dispose of I.T equipment, including computers, in an environmentally friendly manner through Environment Agency registered carriers. Gigacycle holds the ISO 9001 certification; this certification takes its name from the series of standards that has been developed by the ISO or – to use its more formal name – the International Organisation for Standardisation and ensures an effective quality assurance system for companies in manufacturing and service industries. Gigacycle is also accredited to the ISO 27001 and ISO 14001 standards.
There are several distinct stages in the process that we follow when we dispose of a computer from one of our clients, and reading and learning about this process should help you to better understand what makes it so vital to use a company like Gigacycle.
The process begins with us collecting your assets. The collection is carried out at the client’s business or home by a member of our staff, who has been DBS-vetted, and will show their company ID upon arriving at the client’s collection address. This member of staff uses a secured vehicle which is approved by ADISA to transport the computer to the Gigacycle recycling centre in Manchester which has also been audited and approved by ADISA; at this centre, any data stored within the computer is destroyed using NCSC and ADISA approved data erasure methods. (Learn about our data destruction services here) The computer is then recycled; any non-recyclable parts are salvaged for use in the refurbishment process for clients that wish to recovery value from their assets.
Passing our second unannounced ADISA Audit.
We’ve just passed another unannounced audit by ADISA – The Asset Disposal and Information Security Alliance!
I.T recycling companies that aren’t accredited by ADISA cannot provide the same level of information security assurance as we do, so in using us as your disposal partner you will be making the right decision.
Lisa Mellings of ADISA says “Gigacycle have been members of ADISA for just over a year and have been audited three times in this period, two of which have been unannounced audits. These audits are completely and utterly unannounced with the member having no prior warning to the ADISA auditor turning up. The spot-check comprises of an operational check of procedures and a random selection of 10 assets which are all forensically checked for data. Only when all these stringent checks are passed does the member receive notification that they have maintained their certification. Gigacycle are certified at Distinction which goes to highlight the huge commitment they make to ensure they adhere to the very best practice possible and can offer complete peace of mind to the end user.”
To give you a glimpse into the importance of the audit, ADISA is the only authoring body in the UK that has a strict criteria which is specific to collecting and erasing I.T equipment. It is the only regulated standard that is formally recognised by the National Cyber Security Centre and the Ministry of Defence. For existing customers, our ADISA accreditation is the reason why a lot of you have continued to conduct business with us. Our GPS tracking information, CCTV footage, data-handling processes and written agreements with clients were all audited during the spot check. Our erased hard drives also went through advanced forensic testing to detect any traces of data and none was found.
Passing the audit means that we can continue to provide the safest possible recycling and erasure service to you at no cost.
If you continue to use us in the future, you will also be compliant with the General Data Protection Regulation which is replacing the Data Protection Act 1998 and is enforceable by the ICO from May 2018. We deeply thank you for your custom and we hope that you will be in touch for your next I.T disposal and erasure requirement.
Thanks to all who have supported us by either helping us on the back-end or in choosing us to recycle for Greater Manchester and erase your I.T assets!
GDPR Compliance: 3 Key Implications
Among reassurance of the integrity of our services thanks to the recent ADISA audit pass we’ve achieved, we’re gearing up to help organisations in becoming compliant with the General Data Protection Regulation, specifically with the sections that concern data erasure.
The General Data Protection Regulation enforcement date is gaining on us and more businesses are seeking help from consultancies to ensure the understand the implications and are compliant by 25th May 2018, when the GDPR will formally replace the Data Protection Act 1998 and will be enforceable by the ICO.
On the secure IT recycling companies and data erasure front, the GDPR will have 3 key implications on organisations:Organisations must understand that they will be audited by the ICO. It’s not a question of IF, it’s WHEN. The resources made available to the ICO have increased and they have made it clear to all organisations that enforcement of the GDPR will be more prevalent than any action taken against organisations throughout the reign of the Data Protection Act 1998. Taking the stance of “don’t worry we’ll never be audited” is simply not worth the risk, especially with the new threat of a 4% Global Annual Revenue fine for any breach of the GDPR.
The free service that we offer ensures that you remain compliant with the GDPR. We provide written agreements for every collection and we remove data breach liabilities from you in the process.
First unannounced ADISA audit passed!
It’s a proud day at Gigacycle! We have passed our unannounced ADISA audit and remain certified with ADISA to DISTINCTION!
The auditor arrived without notice or warning at our secure computer disposal processing facility in Manchester in October.
Launched in 2010, the ADISA IT Disposal standard focuses on the security of the IT recovery process.
The ADISA standard is formally recognised by the ministry of defence and DIP COG. The audit process is multi-layered and is conducted by an official UKAS certified auditor. The audit certifies our process, our security, our data destruction methods, our staff and our fleet of vehicles. This approach means that ADISA Certified companies have an obligation to maintain the highest standards at all times as an audit failure could lead to suspension or removal from the program.
We are very proud to say we passed with flying colours and we fly our certification with ADISA high. This shows our customers and clients that we continue to maintain our high standards and our processes. Our services provide you with reassurance that the end of life retirement process or IT Assets is fully compliant to the highest standards. With the changes to the EU data protection regulations finally agreed, it is only a matter of time before they are set in stone in the UK. With this in mind, maintaining ADISA certification has never been more important as GIGACYCLE will prepare for the changes to come.
We welcome audits by our clients and potential clients, so you can visit our processing facility in Manchester and see why we are one of the highest certified ADISA members in the UK.
Gigacycle is now ADISA Accredited
Gigacycle has been awarded the ADISA certification at a Distinction level against their IT disposal (ITAD) standard at their processing facility in Manchester.
ADISA, the Asset Disposal & Information Security Alliance, is the leading accreditation body for the IT Asset Disposition Industry. The ADISA standard has the primary objective of measuring a service providers’ capability for providing secure asset recovery and data sanitisation services to businesses.
Gigacycle is the only ADISA certified IT disposal firm based in the true heart of Manchester city. Gigacycle has regional offices in London and Edinburgh, along with a processing facility in Manchester and is a leading UK provider of secure IT disposal and data destruction services to clients across the country.
Gigacycle’ s customers include Small to Medium Enterprises, Public Sector companies, the NHS and large corporations. Gigacycle has seen a rapid growth in the last 3 years propelling them to the forefront of secure IT disposal.
This award from ADISA is the latest achievement Gigacycle has accomplished adding to a long line of accreditations that highlight the high standard they provide. They include ISO 9001, ISO 14001 and ISO 27001 however ADISA is the the highest standard that is specifically carved out to audit the IT disposal process and data destruction methods.
Why is this Unique?
Gigacycle’s unique selling point is their offering of a free secure IT disposal service that clients can trust. They are offering a premium service with premium accreditations, free of charge. Using Gigacycle’s own fleet of vehicles, businesses in the UK are able to benefit from this service which has been praised by local councils and organisations.
About ADISA
Launched in 2010, the ADISA Industry Standards for companies who participate in IT asset recovery now extends into the world of leasing, logistics and repair centres, as well as the well-established IT disposal Standard. The ADISA Standard is recognised by DIPCOG, which is a NCSC (National Cyber Security Centre, formerly CESG) and Ministry of Defence committee, as being an industry Standard of Merit. The ADISA Certification gives clients reassurance that their ITAD partner operates to the highest industry standards, reflecting current best practice for handling data carrying assets.
“I’m delighted to welcome Gigacycle onto the ADISA certification programme. Their initial audit was very clean indeed and is testament to the hard work Gigacycle has put in since we first met 3 years ago. I look forward to working with the team at Gigacycle to help them drive their business forward”.
Steve Mellings – ADISA
Resources
Our list of accreditation and certifications is below:
Contact You can call us on 0800 024 2476, email us on [email protected], visit us at https://www.gigacycle.co.uk or book a meeting with us in Trafford Park, Manchester.
Terms and Conditions (“Terms”)
Last updated: July 05, 2017
Please read these Terms and Conditions (“Terms”, “Terms and Conditions”) carefully before using the https://www.gigacycle.co.uk website (the “Computer Recycling Service”) operated by Gigacycle Computer Recycling (“us”, “we”, or “our”).
Your access to and use of the Computer Recycling Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Computer Recycling Service.
By accessing or using the Computer Recycling Service you agree to be bound by these Terms. If you disagree with any part of the terms then you may not access the Computer Recycling Service. This Terms & Conditions agreement is licensed to Gigacycle Computer Recycling.
Links To Other Web Sites
Our Computer Recycling Service may contain links to third-party web sites or Computer Recycling Services that are not owned or controlled by Gigacycle Computer Recycling.
Gigacycle Computer Recycling has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or Computer Recycling Services. You further acknowledge and agree that Gigacycle Computer Recycling shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or Computer Recycling Services available on or through any such web sites or Computer Recycling Services.
We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or Computer Recycling Services that you visit.
Termination
We may terminate or suspend access to our Computer Recycling Service immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.
All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.
Governing Law
These Terms shall be governed and construed in accordance with the laws of United Kingdom, without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Computer Recycling Service, and supersede and replace any prior agreements we might have between us regarding the Computer Recycling Service.
Changes
We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will try to provide at least 15 days’ notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.
By continuing to access or use our Computer Recycling Service after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Computer Recycling Service.
Contact Us
If you have any questions about these Terms, please contact us.
Basic Service Policy
Through the website (Gigacycle.co.uk) we (Gigacycle) provide an online platform for our clients to book IT recycling collections. By making a booking through Gigacycle, you do not enter into a direct (legally binding) contractual relationship with our company from the point at which a booking is made.
Our computer recycling Computer Recycling Services are available for personal and commercial use. Therefore, you are not allowed to reproduce the Computer Recycling Services we offer elsewhere without prior authorisation from a director.
Our computer recycling rates are highly competitive. All prices on the Gigacycle website are displayed excluding VAT.
Gigacycle takes your privacy seriously. Our offline SLA details how we handle your data.
The basic computer recycling Computer Recycling Services offered are free of charge, as long as the minimum quantity of major items such as desktops, laptops and monitors are met.
After a booking for computer recycling is made your collection will be placed in a queue and we will always contact you to confirm. After a computer recycling collection has been confirmed by both the waste producer and waste carrier the producer is subject to a cancellation fee for cancellations within 24 hours of the collection date.
The fee for premium NCSC data erasure will be detailed in the written agreement signed prior to the computer recycling collection.
Payment is safely and securely processed through your SagePay, PayPal or through your bank via BACS. Gigacycle will require a remittance statement to confirm successful payment before your computer recycling collection is made.
By accepting a booking confirmation for computer recycling from Gigacycle, you accept and agree to the Gigacycle cancellation policy detailed in the written computer recycling SLA provided by Gigacycle.
For chargeable collections Gigacycle requires payment prior to your collection date.
If you are offered a free computer recycling cancellation policy will remain valid and charges may be associated with a late cancellation.
About Us
Summary of Services
Secure IT Disposal
Asset Management & Re-Marketing (Cash back or Value Recovery)
Certified Data Erasure
Data Destruction
IT Redeployment
GDPR Compliance
Items We Collect & Recycling Jobs Manchester Services
We provide a free IT recycling collection service for free IT disposal, secure pc disposal, free recycle Manchester collections and computer recycling. Along with recycling laptops and computers we actually collect a range of other electrical equipment listed below:
Gigacycle News
How to choose the right IT Disposal & Computer Recycling provider.
Many computer hardware recycling and weee recycling companies offer the same services with little variance in quality of service. The standard collection and erasure service is usually free of charge in order to catch the large amount of business that is searching for “free weee recycling uk”, “free computer disposal” or “free computer recycling.” How can they offer it for free? The standard proposition invites free collections, erasure and recycling of I.T equipment in the hope of recouping costs through refurbishment and re-sale. Unfortunately a large portion of IT asset disposal firms undertake significant environmental and information security risks in the pursuit of higher re-sale values.
Where Gigacycle differs from many of these companies is that we are regulated by strict authoring bodies to ensure any pc recycling uk services and data erasure that takes place is executed with minimal risk and minimal impact. Our regulators include the Information Commissioner’s Office, the National Cyber Security Centre, the Centre for the Protection of National Infrastructure, the Environment Agency, CIS for our ISO 9001/14001/27001 standards and the Asset Disposal and Information Security Alliance (ADISA) for the start-to-end process that covers our entire operation. If your current computer equipment disposal provider does not comply with the regulations above at the least, your company is at risk of being the subject of a major data breach.
From examples in the media we’ve all seen that a data breach can cause havoc when made public. Not only is it hazardous from a public relations and national security perspective but a data breach can now land you a 4% annual global revenue fine under the new General Data Protection Regulation. This regulation is replacing the Data Protection Act and the ICO is gearing up to heavily enforce the regulation from May 2018. As a result a lot of UK companies have either invested in GDPR compliance consulting or have denied their non-compliance and are choosing to remain reactive rather than proactive. A lot of companies are simply unaware of the implications of the GDPR.
Gigacycle offers a free collection, erasure and computer disposal UK service which makes some level of GDPR compliance available and easily accessible to all organisations. At any stage of an organisation’s compliance gap project Gigacycle can assist in fulfilling the information and asset disposal section of the GDPR.
GDPR compliance isn’t just about following the law – in our industry GDPR compliance translates directly to risk mitigation. Most organisations won’t see value past residual equipment value in recycling and having a company like Gigacycle erase your data but what Gigacycle really does is mitigate risk through offering GDPR compliance. In the case that an organisation encounters a data breach and the ICO concludes that the organisation had no service-level agreement in place to handle data erasure and old computer disposal, the organisation is wholly liable for the damages and will be fined. Not only will the organisation be fined for the data breach but also for not having the correct computer recycling and data erasure agreement in place.
Unfortunately there was a case in 2013 with NHS Surrey where a fine was issued to the organisation for not having a contract in place with their computer store Manchester disposal provider. When you look into the case, NHS Surrey actually made the decision to leave an approved supplier and hand their data to a new supplier who did not offer any contract and who didn’t have the correct accreditation or even processes in place. As a result, over 3,000 patient records contained on computers that were sold on eBay by the computer disposal firm were compromised. This is a perfect example to highlight the difference between Gigacycle and other IT disposal firms, but also highlights that organisations can still be fined where due diligence is not exercised. A good IT disposal firm will recommend the correct steps to ensure full compliance and will never leave an organisation in the dark. The total fine issued to NHS Surrey was £200,000.
If that organisation had an agreement in place with a company like Gigacycle, that organisation would have encountered no loss as the service-level agreement relieves that organisation of any risks and responsibility in recycling and erasure. Furthermore, that organisation would not have experienced a breach in the first place.
Through experience in this industry we can easily summarise that most organisations leave computer hardware disposal to internal staff that lack the knowledge or experience to understand the ramifications of choosing the wrong IT disposal firm or not outsourcing their recycling and erasure activities. Again, it’s an issue that the GDPR was drafted to resolve and yet most companies are unaware of what’s required.
There is a huge fiscal value in risk mitigation as exemplified by the NHS Surrey case. However, a lot of organisations still aren’t making the right decisions simply because the decision maker is usually unaware of the importance of secure computer recycling and disposal. It’s perhaps the most important part of the GDPR, one that isn’t stressed enough even though it’s a serious safety issue. Under the GDPR most public authorities, organisations that carry out large scale systematic monitoring of individuals such as market research companies, and organisations that process large amounts of sensitive information need to appoint a Data Protection Officer. This falls under the accountability principle in Article 5(2) of the GDPR that requires you to demonstrate that organisations comply with principles and states explicitly that this is the organisation’s responsibility
There are several benefits to appointing a Data Protection Officer. Specifically, the appointment of a DPO means an organisation has a dedicated member of staff to review all data processing and information handling activities. In our experience, a majority of companies assign the responsibilities of a data protection officer to a member of staff without assigning a title. As a result that member of staff lacks the due diligence to ensure data processing activities are recorded and audited. This commonly leads to decisions being made in computer disposals limited and data erasure that are severely non-compliant and introduces a high level of risk.
For those companies that are not required by law to appoint a Data Protection Officer, it is still important to remain proactive and not to be complacent. Organisations still need educated and dedicated personnel to record data processing activities and ensure compliance. Currently, a lot of organisations that don’t require Data Protection Officers under the GDPR are turning to local consultancies to bulletproof their processes for the GDPR however becoming compliant and remaining compliant are two separate exercises. In relation to computer disposal and data erasure, secure IT disposal firms will enter an on-going agreement with organisations and provide periodic reminders to recycle computer parts Manchester items including laptops, hard drives etc., providing all of the relevant documentation
The value in outsourcing data erasure and computer recycling UK operations to a Data Processor like Gigacycle goes beyond the revenue generated from risk mitigation. Organisations that don’t require Data Protection Officers benefit by having their IT disposal provider looking after the entire operation and providing all relevant documentation. Documentation includes Environment Agency paperwork, data destruction certificates, audit trails of the whole process and a service-level agreement. Simply by obtaining this documentation from the provider, organisations can remain compliant without assigning additional resource to look after these activities. Hence, the value in outsourcing data erasure and computer recycling operations is found in revenue from risk mitigation as well as revenue from a saving in resource costs.
Organisations or Data Controllers are regulated by the ICO who will conduct spot checks and act on suspicion of incorrect practices. Removing responsibility and liability from the organisation (or Data Controller under the GDPR) means the provider of these data erasure and computer recycling activities should also be regulated. However, the ICO can’t be everywhere at once so how do organisations ensure their computer disposal provider is remaining compliant to the GDPR and practising secure data erasure processes? Unsurprisingly there is little being done by the UK government to produce a standard for IT disposal firms however the UK is very lucky to be host to an organisation called ADISA (The Asset Disposal and Information Security Alliance). ADISA is a regulatory body that works with the National Cyber Security Centre (NCSC) and the Ministry of Defence to bring information security standards and processes to a format that is enforceable across commercial organisations in the UK. The ADISA standard is precise, detailed heavily audited and very strict. IT disposal firms that conform to the ADISA standard have access to military and public sector tenders which is exemplary of the stringent information security requirements of the standard. These organisations undergo random site audits, forensic testing, full background checks of all staff and full physical site security and logistic security tests. This ensures that when the standard is accredited to an IT disposal firm, it is maintained at all times and not forgotten. Gigacycle hold an ADISA accreditation to a Distinction level which means their entire operation goes above and beyond the minimum information security requirements set by the ICO and the NCSC and surpasses most extraordinary requirements of other defence and high-risk organisations.
If an organisation’s provider is not accredited by ADISA, red flags should be raised as to why. There are a lot of areas where a computer recycling firm can go wrong, most commonly in human error. Standards like ADISA are unique because they set their standard to audit processes for eradicating the risk of human error. If a computer disposal organisation is not accredited by ADISA and hence not inclined to maintain a certain standard the risk of human error, processional errors and technical errors increases excessively.
Taking in to account the importance of choosing the right IT disposal firm, organisations need to ensure they are still reporting and tracking each asset and receiving reports from their computer disposal provider on each asset’s ultimate erasure and recycling. It is important to track how many items were collected the site versus how many were recorded and recycled by the disposal firm. This raises two points; asset tracking should already be part of the organisation’s I.T procedures and the computer disposal provider should provide fully transparent methods of tracking assets once the collection has been made. Although it may not seem obvious, a failure to track all I.T assets gives way to a heavy information security risk. Failure to track assets mean some assets containing personal or sensitive data can be compromised without knowledge, hence organisations may experience a breach internally even though they may already be using an approved I.T recycling firm. Keeping track of internal assets also insures organisations gain the highest return on all investments as otherwise unknown assets may become redundant and lose value that would otherwise have been recovered in recycling.
Organisations are at risk of being fined by the ICO if they are found to expose personal information to risk. Exposing personal information to risk of a data breach can come in many forms and one of those is a lack of internal asset tracking. A recent interaction with a client tells a good story about how internal asset tracking plays a large importance in reducing the risk of a data breach. This particular client had employed a new team to set up a new asset management system for their organisations assets. There was no system previously in place so over two-hundred machines were still unaccounted for after the initial site audits were carried out. These two-hundred machines could have either been sold or disposed of without record. In this case the client would face prosecution from the ICO should one of the unaccounted assets be compromised and surfaced to public knowledge in a data breach.
Another recent example of the incorrect processes adopted by organisations does not relate to I.T recycling, however it shows the importance of due diligence when dealing with personal information at all stages of the I.T life-cycle. Gloucester City Council was recently fined £100,000 by the ICO when an attacker took advantage of a weakness in the council’s website in July 2014, which led to over 30,000 emails being downloaded from council mailboxes. The emails contained financial and sensitive information about council staff. The attack exploited the ‘Heartbleed’ software flaw. Despite well publicised warnings from the ICO and the media, the council failed to repair the vulnerability in a timely manner, leaving personal information at risk and breaking data protection law. The ICO investigation found that the council did not have sufficient processes in place to ensure its systems had been updated while changes to suppliers were made.
Let us say for example, the 30,000 emails had been downloaded from a computer which was recycled incorrectly. In the most common scenario, internal staff would simply format the hard drive within the computer and would generate revenue from old equipment by selling the asset on eBay. Although the staff took the steps necessary to remove information from a drive, the erasure method holds no guarantee for complete erasure. Furthermore, the organisation had no agreement with a data processing firm like Gigacycle and was not registered as a Data Processor with the ICO. As a result, the ICO investigation would have the same result – the council would not have had sufficient processes in place to ensure personal information was not exposed to risk.
Gigacycle has the necessary certification to fully comply with the WEEE Directive, which was introduced by the government to ensure that UK businesses dispose of I.T equipment, including computers, in an environmentally friendly manner through Environment Agency registered carriers. Gigacycle holds the ISO 9001 certification; this certification takes its name from the series of standards that has been developed by the ISO or – to use its more formal name – the International Organisation for Standardisation and ensures an effective quality assurance system for companies in manufacturing and service industries. Gigacycle is also accredited to the ISO 27001 and ISO 14001 standards.
There are several distinct stages in the process that we follow when we dispose of a computer from one of our clients, and reading and learning about this process should help you to better understand what makes it so vital to use a company like Gigacycle.
The process begins with us collecting your assets. The collection is carried out at the client’s business or home by a member of our staff, who has been DBS-vetted, and will show their company ID upon arriving at the client’s collection address. This member of staff uses a secured vehicle which is approved by ADISA to transport the computer to the Gigacycle recycling centre in Manchester which has also been audited and approved by ADISA; at this centre, any data stored within the computer is destroyed using NCSC and ADISA approved data erasure methods. (Learn about our data destruction services here) The computer is then recycled; any non-recyclable parts are salvaged for use in the refurbishment process for clients that wish to recovery value from their assets.
Passing our second unannounced ADISA Audit.
We’ve just passed another unannounced audit by ADISA – The Asset Disposal and Information Security Alliance!
I.T recycling companies that aren’t accredited by ADISA cannot provide the same level of information security assurance as we do, so in using us as your disposal partner you will be making the right decision.
Lisa Mellings of ADISA says “Gigacycle have been members of ADISA for just over a year and have been audited three times in this period, two of which have been unannounced audits. These audits are completely and utterly unannounced with the member having no prior warning to the ADISA auditor turning up. The spot-check comprises of an operational check of procedures and a random selection of 10 assets which are all forensically checked for data. Only when all these stringent checks are passed does the member receive notification that they have maintained their certification. Gigacycle are certified at Distinction which goes to highlight the huge commitment they make to ensure they adhere to the very best practice possible and can offer complete peace of mind to the end user.”
To give you a glimpse into the importance of the audit, ADISA is the only authoring body in the UK that has a strict criteria which is specific to collecting and erasing I.T equipment. It is the only regulated standard that is formally recognised by the National Cyber Security Centre and the Ministry of Defence. For existing customers, our ADISA accreditation is the reason why a lot of you have continued to conduct business with us. Our GPS tracking information, CCTV footage, data-handling processes and written agreements with clients were all audited during the spot check. Our erased hard drives also went through advanced forensic testing to detect any traces of data and none was found.
Passing the audit means that we can continue to provide the safest possible recycling and erasure service to you at no cost.
If you continue to use us in the future, you will also be compliant with the General Data Protection Regulation which is replacing the Data Protection Act 1998 and is enforceable by the ICO from May 2018. We deeply thank you for your custom and we hope that you will be in touch for your next I.T disposal and erasure requirement.
Thanks to all who have supported us by either helping us on the back-end or in choosing us to recycle for Greater Manchester and erase your I.T assets!
GDPR Compliance: 3 Key Implications
Among reassurance of the integrity of our services thanks to the recent ADISA audit pass we’ve achieved, we’re gearing up to help organisations in becoming compliant with the General Data Protection Regulation, specifically with the sections that concern data erasure.
The General Data Protection Regulation enforcement date is gaining on us and more businesses are seeking help from consultancies to ensure the understand the implications and are compliant by 25th May 2018, when the GDPR will formally replace the Data Protection Act 1998 and will be enforceable by the ICO.
On the secure IT recycling companies and data erasure front, the GDPR will have 3 key implications on organisations:
Organisations must understand that they will be audited by the ICO. It’s not a question of IF, it’s WHEN. The resources made available to the ICO have increased and they have made it clear to all organisations that enforcement of the GDPR will be more prevalent than any action taken against organisations throughout the reign of the Data Protection Act 1998. Taking the stance of “don’t worry we’ll never be audited” is simply not worth the risk, especially with the new threat of a 4% Global Annual Revenue fine for any breach of the GDPR.
The free service that we offer ensures that you remain compliant with the GDPR. We provide written agreements for every collection and we remove data breach liabilities from you in the process.
First unannounced ADISA audit passed!
It’s a proud day at Gigacycle! We have passed our unannounced ADISA audit and remain certified with ADISA to DISTINCTION!
The auditor arrived without notice or warning at our secure computer disposal processing facility in Manchester in October.
Launched in 2010, the ADISA IT Disposal standard focuses on the security of the IT recovery process.
The ADISA standard is formally recognised by the ministry of defence and DIP COG. The audit process is multi-layered and is conducted by an official UKAS certified auditor. The audit certifies our process, our security, our data destruction methods, our staff and our fleet of vehicles. This approach means that ADISA Certified companies have an obligation to maintain the highest standards at all times as an audit failure could lead to suspension or removal from the program.
We are very proud to say we passed with flying colours and we fly our certification with ADISA high. This shows our customers and clients that we continue to maintain our high standards and our processes. Our services provide you with reassurance that the end of life retirement process or IT Assets is fully compliant to the highest standards. With the changes to the EU data protection regulations finally agreed, it is only a matter of time before they are set in stone in the UK. With this in mind, maintaining ADISA certification has never been more important as GIGACYCLE will prepare for the changes to come.
We welcome audits by our clients and potential clients, so you can visit our processing facility in Manchester and see why we are one of the highest certified ADISA members in the UK.
Gigacycle is now ADISA Accredited
Gigacycle has been awarded the ADISA certification at a Distinction level against their IT disposal (ITAD) standard at their processing facility in Manchester.
ADISA, the Asset Disposal & Information Security Alliance, is the leading accreditation body for the IT Asset Disposition Industry. The ADISA standard has the primary objective of measuring a service providers’ capability for providing secure asset recovery and data sanitisation services to businesses.
Gigacycle is the only ADISA certified IT disposal firm based in the true heart of Manchester city. Gigacycle has regional offices in London and Edinburgh, along with a processing facility in Manchester and is a leading UK provider of secure IT disposal and data destruction services to clients across the country.
Gigacycle’ s customers include Small to Medium Enterprises, Public Sector companies, the NHS and large corporations. Gigacycle has seen a rapid growth in the last 3 years propelling them to the forefront of secure IT disposal.
This award from ADISA is the latest achievement Gigacycle has accomplished adding to a long line of accreditations that highlight the high standard they provide. They include ISO 9001, ISO 14001 and ISO 27001 however ADISA is the the highest standard that is specifically carved out to audit the IT disposal process and data destruction methods.
Why is this Unique?
Gigacycle’s unique selling point is their offering of a free secure IT disposal service that clients can trust. They are offering a premium service with premium accreditations, free of charge. Using Gigacycle’s own fleet of vehicles, businesses in the UK are able to benefit from this service which has been praised by local councils and organisations.
About ADISA
Launched in 2010, the ADISA Industry Standards for companies who participate in IT asset recovery now extends into the world of leasing, logistics and repair centres, as well as the well-established IT disposal Standard. The ADISA Standard is recognised by DIPCOG, which is a NCSC (National Cyber Security Centre, formerly CESG) and Ministry of Defence committee, as being an industry Standard of Merit. The ADISA Certification gives clients reassurance that their ITAD partner operates to the highest industry standards, reflecting current best practice for handling data carrying assets.
“I’m delighted to welcome Gigacycle onto the ADISA certification programme. Their initial audit was very clean indeed and is testament to the hard work Gigacycle has put in since we first met 3 years ago. I look forward to working with the team at Gigacycle to help them drive their business forward”.
Steve Mellings – ADISA
Resources
Our list of accreditation and certifications is below:
Our list of accreditation and certifications is below:
Contact
You can call us on 0800 024 2476, email us on [email protected], visit us at https://www.gigacycle.co.uk or book a meeting with us in Trafford Park, Manchester.
Terms and Conditions (“Terms”)
Last updated: July 05, 2017
Please read these Terms and Conditions (“Terms”, “Terms and Conditions”) carefully before using the https://www.gigacycle.co.uk website (the “Computer Recycling Service”) operated by Gigacycle Computer Recycling (“us”, “we”, or “our”).
Your access to and use of the Computer Recycling Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Computer Recycling Service.
By accessing or using the Computer Recycling Service you agree to be bound by these Terms. If you disagree with any part of the terms then you may not access the Computer Recycling Service. This Terms & Conditions agreement is licensed to Gigacycle Computer Recycling.
Links To Other Web Sites
Our Computer Recycling Service may contain links to third-party web sites or Computer Recycling Services that are not owned or controlled by Gigacycle Computer Recycling.
Gigacycle Computer Recycling has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or Computer Recycling Services. You further acknowledge and agree that Gigacycle Computer Recycling shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or Computer Recycling Services available on or through any such web sites or Computer Recycling Services.
We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or Computer Recycling Services that you visit.
Termination
We may terminate or suspend access to our Computer Recycling Service immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.
All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.
Governing Law
These Terms shall be governed and construed in accordance with the laws of United Kingdom, without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Computer Recycling Service, and supersede and replace any prior agreements we might have between us regarding the Computer Recycling Service.
Changes
We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will try to provide at least 15 days’ notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.
By continuing to access or use our Computer Recycling Service after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Computer Recycling Service.
Contact Us
If you have any questions about these Terms, please contact us.
Basic Service Policy
Through the website (Gigacycle.co.uk) we (Gigacycle) provide an online platform for our clients to book IT recycling collections. By making a booking through Gigacycle, you do not enter into a direct (legally binding) contractual relationship with our company from the point at which a booking is made.
Our computer recycling Computer Recycling Services are available for personal and commercial use. Therefore, you are not allowed to reproduce the Computer Recycling Services we offer elsewhere without prior authorisation from a director.
Our computer recycling rates are highly competitive. All prices on the Gigacycle website are displayed excluding VAT.
Gigacycle takes your privacy seriously. Our offline SLA details how we handle your data.
The basic computer recycling Computer Recycling Services offered are free of charge, as long as the minimum quantity of major items such as desktops, laptops and monitors are met.
After a booking for computer recycling is made your collection will be placed in a queue and we will always contact you to confirm. After a computer recycling collection has been confirmed by both the waste producer and waste carrier the producer is subject to a cancellation fee for cancellations within 24 hours of the collection date.
The fee for premium NCSC data erasure will be detailed in the written agreement signed prior to the computer recycling collection.
Payment is safely and securely processed through your SagePay, PayPal or through your bank via BACS. Gigacycle will require a remittance statement to confirm successful payment before your computer recycling collection is made.
By accepting a booking confirmation for computer recycling from Gigacycle, you accept and agree to the Gigacycle cancellation policy detailed in the written computer recycling SLA provided by Gigacycle.
For chargeable collections Gigacycle requires payment prior to your collection date.
If you are offered a free computer recycling cancellation policy will remain valid and charges may be associated with a late cancellation.
About Us
Summary of Services
Secure IT Disposal
Asset Management & Re-Marketing (Cash back or Value Recovery)
Certified Data Erasure
Data Destruction
IT Redeployment
GDPR Compliance
Items We Collect & Recycling Jobs Manchester Services
We provide a free IT recycling collection service for free IT disposal, secure pc disposal, free recycle Manchester collections and computer recycling. Along with recycling laptops and computers we actually collect a range of other electrical equipment listed below:
Gigacycle News
How to choose the right IT Disposal & Computer Recycling provider.
Many computer hardware recycling and weee recycling companies offer the same services with little variance in quality of service. The standard collection and erasure service is usually free of charge in order to catch the large amount of business that is searching for “free weee recycling uk”, “free computer disposal” or “free computer recycling.” How can they offer it for free? The standard proposition invites free collections, erasure and recycling of I.T equipment in the hope of recouping costs through refurbishment and re-sale. Unfortunately a large portion of IT asset disposal firms undertake significant environmental and information security risks in the pursuit of higher re-sale values.
Where Gigacycle differs from many of these companies is that we are regulated by strict authoring bodies to ensure any pc recycling uk services and data erasure that takes place is executed with minimal risk and minimal impact. Our regulators include the Information Commissioner’s Office, the National Cyber Security Centre, the Centre for the Protection of National Infrastructure, the Environment Agency, CIS for our ISO 9001/14001/27001 standards and the Asset Disposal and Information Security Alliance (ADISA) for the start-to-end process that covers our entire operation. If your current computer equipment disposal provider does not comply with the regulations above at the least, your company is at risk of being the subject of a major data breach.
From examples in the media we’ve all seen that a data breach can cause havoc when made public. Not only is it hazardous from a public relations and national security perspective but a data breach can now land you a 4% annual global revenue fine under the new General Data Protection Regulation. This regulation is replacing the Data Protection Act and the ICO is gearing up to heavily enforce the regulation from May 2018. As a result a lot of UK companies have either invested in GDPR compliance consulting or have denied their non-compliance and are choosing to remain reactive rather than proactive. A lot of companies are simply unaware of the implications of the GDPR.
Gigacycle offers a free collection, erasure and computer disposal UK service which makes some level of GDPR compliance available and easily accessible to all organisations. At any stage of an organisation’s compliance gap project Gigacycle can assist in fulfilling the information and asset disposal section of the GDPR.
GDPR compliance isn’t just about following the law – in our industry GDPR compliance translates directly to risk mitigation. Most organisations won’t see value past residual equipment value in recycling and having a company like Gigacycle erase your data but what Gigacycle really does is mitigate risk through offering GDPR compliance. In the case that an organisation encounters a data breach and the ICO concludes that the organisation had no service-level agreement in place to handle data erasure and old computer disposal, the organisation is wholly liable for the damages and will be fined. Not only will the organisation be fined for the data breach but also for not having the correct computer recycling and data erasure agreement in place.
Unfortunately there was a case in 2013 with NHS Surrey where a fine was issued to the organisation for not having a contract in place with their computer store Manchester disposal provider. When you look into the case, NHS Surrey actually made the decision to leave an approved supplier and hand their data to a new supplier who did not offer any contract and who didn’t have the correct accreditation or even processes in place. As a result, over 3,000 patient records contained on computers that were sold on eBay by the computer disposal firm were compromised. This is a perfect example to highlight the difference between Gigacycle and other IT disposal firms, but also highlights that organisations can still be fined where due diligence is not exercised. A good IT disposal firm will recommend the correct steps to ensure full compliance and will never leave an organisation in the dark. The total fine issued to NHS Surrey was £200,000.
If that organisation had an agreement in place with a company like Gigacycle, that organisation would have encountered no loss as the service-level agreement relieves that organisation of any risks and responsibility in recycling and erasure. Furthermore, that organisation would not have experienced a breach in the first place.
Through experience in this industry we can easily summarise that most organisations leave computer hardware disposal to internal staff that lack the knowledge or experience to understand the ramifications of choosing the wrong IT disposal firm or not outsourcing their recycling and erasure activities. Again, it’s an issue that the GDPR was drafted to resolve and yet most companies are unaware of what’s required.
There is a huge fiscal value in risk mitigation as exemplified by the NHS Surrey case. However, a lot of organisations still aren’t making the right decisions simply because the decision maker is usually unaware of the importance of secure computer recycling and disposal. It’s perhaps the most important part of the GDPR, one that isn’t stressed enough even though it’s a serious safety issue. Under the GDPR most public authorities, organisations that carry out large scale systematic monitoring of individuals such as market research companies, and organisations that process large amounts of sensitive information need to appoint a Data Protection Officer. This falls under the accountability principle in Article 5(2) of the GDPR that requires you to demonstrate that organisations comply with principles and states explicitly that this is the organisation’s responsibility
There are several benefits to appointing a Data Protection Officer. Specifically, the appointment of a DPO means an organisation has a dedicated member of staff to review all data processing and information handling activities. In our experience, a majority of companies assign the responsibilities of a data protection officer to a member of staff without assigning a title. As a result that member of staff lacks the due diligence to ensure data processing activities are recorded and audited. This commonly leads to decisions being made in computer disposals limited and data erasure that are severely non-compliant and introduces a high level of risk.
For those companies that are not required by law to appoint a Data Protection Officer, it is still important to remain proactive and not to be complacent. Organisations still need educated and dedicated personnel to record data processing activities and ensure compliance. Currently, a lot of organisations that don’t require Data Protection Officers under the GDPR are turning to local consultancies to bulletproof their processes for the GDPR however becoming compliant and remaining compliant are two separate exercises. In relation to computer disposal and data erasure, secure IT disposal firms will enter an on-going agreement with organisations and provide periodic reminders to recycle computer parts Manchester items including laptops, hard drives etc., providing all of the relevant documentation
The value in outsourcing data erasure and computer recycling UK operations to a Data Processor like Gigacycle goes beyond the revenue generated from risk mitigation. Organisations that don’t require Data Protection Officers benefit by having their IT disposal provider looking after the entire operation and providing all relevant documentation. Documentation includes Environment Agency paperwork, data destruction certificates, audit trails of the whole process and a service-level agreement. Simply by obtaining this documentation from the provider, organisations can remain compliant without assigning additional resource to look after these activities. Hence, the value in outsourcing data erasure and computer recycling operations is found in revenue from risk mitigation as well as revenue from a saving in resource costs.
Organisations or Data Controllers are regulated by the ICO who will conduct spot checks and act on suspicion of incorrect practices. Removing responsibility and liability from the organisation (or Data Controller under the GDPR) means the provider of these data erasure and computer recycling activities should also be regulated. However, the ICO can’t be everywhere at once so how do organisations ensure their computer disposal provider is remaining compliant to the GDPR and practising secure data erasure processes? Unsurprisingly there is little being done by the UK government to produce a standard for IT disposal firms however the UK is very lucky to be host to an organisation called ADISA (The Asset Disposal and Information Security Alliance). ADISA is a regulatory body that works with the National Cyber Security Centre (NCSC) and the Ministry of Defence to bring information security standards and processes to a format that is enforceable across commercial organisations in the UK. The ADISA standard is precise, detailed heavily audited and very strict. IT disposal firms that conform to the ADISA standard have access to military and public sector tenders which is exemplary of the stringent information security requirements of the standard. These organisations undergo random site audits, forensic testing, full background checks of all staff and full physical site security and logistic security tests. This ensures that when the standard is accredited to an IT disposal firm, it is maintained at all times and not forgotten. Gigacycle hold an ADISA accreditation to a Distinction level which means their entire operation goes above and beyond the minimum information security requirements set by the ICO and the NCSC and surpasses most extraordinary requirements of other defence and high-risk organisations.
If an organisation’s provider is not accredited by ADISA, red flags should be raised as to why. There are a lot of areas where a computer recycling firm can go wrong, most commonly in human error. Standards like ADISA are unique because they set their standard to audit processes for eradicating the risk of human error. If a computer disposal organisation is not accredited by ADISA and hence not inclined to maintain a certain standard the risk of human error, processional errors and technical errors increases excessively.
Taking in to account the importance of choosing the right IT disposal firm, organisations need to ensure they are still reporting and tracking each asset and receiving reports from their computer disposal provider on each asset’s ultimate erasure and recycling. It is important to track how many items were collected the site versus how many were recorded and recycled by the disposal firm. This raises two points; asset tracking should already be part of the organisation’s I.T procedures and the computer disposal provider should provide fully transparent methods of tracking assets once the collection has been made. Although it may not seem obvious, a failure to track all I.T assets gives way to a heavy information security risk. Failure to track assets mean some assets containing personal or sensitive data can be compromised without knowledge, hence organisations may experience a breach internally even though they may already be using an approved I.T recycling firm. Keeping track of internal assets also insures organisations gain the highest return on all investments as otherwise unknown assets may become redundant and lose value that would otherwise have been recovered in recycling.
Organisations are at risk of being fined by the ICO if they are found to expose personal information to risk. Exposing personal information to risk of a data breach can come in many forms and one of those is a lack of internal asset tracking. A recent interaction with a client tells a good story about how internal asset tracking plays a large importance in reducing the risk of a data breach. This particular client had employed a new team to set up a new asset management system for their organisations assets. There was no system previously in place so over two-hundred machines were still unaccounted for after the initial site audits were carried out. These two-hundred machines could have either been sold or disposed of without record. In this case the client would face prosecution from the ICO should one of the unaccounted assets be compromised and surfaced to public knowledge in a data breach.
Another recent example of the incorrect processes adopted by organisations does not relate to I.T recycling, however it shows the importance of due diligence when dealing with personal information at all stages of the I.T life-cycle. Gloucester City Council was recently fined £100,000 by the ICO when an attacker took advantage of a weakness in the council’s website in July 2014, which led to over 30,000 emails being downloaded from council mailboxes. The emails contained financial and sensitive information about council staff. The attack exploited the ‘Heartbleed’ software flaw. Despite well publicised warnings from the ICO and the media, the council failed to repair the vulnerability in a timely manner, leaving personal information at risk and breaking data protection law. The ICO investigation found that the council did not have sufficient processes in place to ensure its systems had been updated while changes to suppliers were made.
Let us say for example, the 30,000 emails had been downloaded from a computer which was recycled incorrectly. In the most common scenario, internal staff would simply format the hard drive within the computer and would generate revenue from old equipment by selling the asset on eBay. Although the staff took the steps necessary to remove information from a drive, the erasure method holds no guarantee for complete erasure. Furthermore, the organisation had no agreement with a data processing firm like Gigacycle and was not registered as a Data Processor with the ICO. As a result, the ICO investigation would have the same result – the council would not have had sufficient processes in place to ensure personal information was not exposed to risk.
Gigacycle has the necessary certification to fully comply with the WEEE Directive, which was introduced by the government to ensure that UK businesses dispose of I.T equipment, including computers, in an environmentally friendly manner through Environment Agency registered carriers. Gigacycle holds the ISO 9001 certification; this certification takes its name from the series of standards that has been developed by the ISO or – to use its more formal name – the International Organisation for Standardisation and ensures an effective quality assurance system for companies in manufacturing and service industries. Gigacycle is also accredited to the ISO 27001 and ISO 14001 standards.
There are several distinct stages in the process that we follow when we dispose of a computer from one of our clients, and reading and learning about this process should help you to better understand what makes it so vital to use a company like Gigacycle.
The process begins with us collecting your assets. The collection is carried out at the client’s business or home by a member of our staff, who has been DBS-vetted, and will show their company ID upon arriving at the client’s collection address. This member of staff uses a secured vehicle which is approved by ADISA to transport the computer to the Gigacycle recycling centre in Manchester which has also been audited and approved by ADISA; at this centre, any data stored within the computer is destroyed using NCSC and ADISA approved data erasure methods. (Learn about our data destruction services here) The computer is then recycled; any non-recyclable parts are salvaged for use in the refurbishment process for clients that wish to recovery value from their assets.
Passing our second unannounced ADISA Audit.
We’ve just passed another unannounced audit by ADISA – The Asset Disposal and Information Security Alliance!
I.T recycling companies that aren’t accredited by ADISA cannot provide the same level of information security assurance as we do, so in using us as your disposal partner you will be making the right decision.
Lisa Mellings of ADISA says “Gigacycle have been members of ADISA for just over a year and have been audited three times in this period, two of which have been unannounced audits. These audits are completely and utterly unannounced with the member having no prior warning to the ADISA auditor turning up. The spot-check comprises of an operational check of procedures and a random selection of 10 assets which are all forensically checked for data. Only when all these stringent checks are passed does the member receive notification that they have maintained their certification. Gigacycle are certified at Distinction which goes to highlight the huge commitment they make to ensure they adhere to the very best practice possible and can offer complete peace of mind to the end user.”
To give you a glimpse into the importance of the audit, ADISA is the only authoring body in the UK that has a strict criteria which is specific to collecting and erasing I.T equipment. It is the only regulated standard that is formally recognised by the National Cyber Security Centre and the Ministry of Defence. For existing customers, our ADISA accreditation is the reason why a lot of you have continued to conduct business with us. Our GPS tracking information, CCTV footage, data-handling processes and written agreements with clients were all audited during the spot check. Our erased hard drives also went through advanced forensic testing to detect any traces of data and none was found.
Passing the audit means that we can continue to provide the safest possible recycling and erasure service to you at no cost.
If you continue to use us in the future, you will also be compliant with the General Data Protection Regulation which is replacing the Data Protection Act 1998 and is enforceable by the ICO from May 2018. We deeply thank you for your custom and we hope that you will be in touch for your next I.T disposal and erasure requirement.
Thanks to all who have supported us by either helping us on the back-end or in choosing us to recycle for Greater Manchester and erase your I.T assets!
GDPR Compliance: 3 Key Implications
Among reassurance of the integrity of our services thanks to the recent ADISA audit pass we’ve achieved, we’re gearing up to help organisations in becoming compliant with the General Data Protection Regulation, specifically with the sections that concern data erasure.
The General Data Protection Regulation enforcement date is gaining on us and more businesses are seeking help from consultancies to ensure the understand the implications and are compliant by 25th May 2018, when the GDPR will formally replace the Data Protection Act 1998 and will be enforceable by the ICO.
On the secure IT recycling companies and data erasure front, the GDPR will have 3 key implications on organisations:
Organisations must understand that they will be audited by the ICO. It’s not a question of IF, it’s WHEN. The resources made available to the ICO have increased and they have made it clear to all organisations that enforcement of the GDPR will be more prevalent than any action taken against organisations throughout the reign of the Data Protection Act 1998. Taking the stance of “don’t worry we’ll never be audited” is simply not worth the risk, especially with the new threat of a 4% Global Annual Revenue fine for any breach of the GDPR.
The free service that we offer ensures that you remain compliant with the GDPR. We provide written agreements for every collection and we remove data breach liabilities from you in the process.
First unannounced ADISA audit passed!
It’s a proud day at Gigacycle! We have passed our unannounced ADISA audit and remain certified with ADISA to DISTINCTION!
The auditor arrived without notice or warning at our secure computer disposal processing facility in Manchester in October.
Launched in 2010, the ADISA IT Disposal standard focuses on the security of the IT recovery process.
The ADISA standard is formally recognised by the ministry of defence and DIP COG. The audit process is multi-layered and is conducted by an official UKAS certified auditor. The audit certifies our process, our security, our data destruction methods, our staff and our fleet of vehicles. This approach means that ADISA Certified companies have an obligation to maintain the highest standards at all times as an audit failure could lead to suspension or removal from the program.
We are very proud to say we passed with flying colours and we fly our certification with ADISA high. This shows our customers and clients that we continue to maintain our high standards and our processes. Our services provide you with reassurance that the end of life retirement process or IT Assets is fully compliant to the highest standards. With the changes to the EU data protection regulations finally agreed, it is only a matter of time before they are set in stone in the UK. With this in mind, maintaining ADISA certification has never been more important as GIGACYCLE will prepare for the changes to come.
We welcome audits by our clients and potential clients, so you can visit our processing facility in Manchester and see why we are one of the highest certified ADISA members in the UK.
Gigacycle is now ADISA Accredited
Gigacycle has been awarded the ADISA certification at a Distinction level against their IT disposal (ITAD) standard at their processing facility in Manchester.
ADISA, the Asset Disposal & Information Security Alliance, is the leading accreditation body for the IT Asset Disposition Industry. The ADISA standard has the primary objective of measuring a service providers’ capability for providing secure asset recovery and data sanitisation services to businesses.
Gigacycle is the only ADISA certified IT disposal firm based in the true heart of Manchester city. Gigacycle has regional offices in London and Edinburgh, along with a processing facility in Manchester and is a leading UK provider of secure IT disposal and data destruction services to clients across the country.
Gigacycle’ s customers include Small to Medium Enterprises, Public Sector companies, the NHS and large corporations. Gigacycle has seen a rapid growth in the last 3 years propelling them to the forefront of secure IT disposal.
This award from ADISA is the latest achievement Gigacycle has accomplished adding to a long line of accreditations that highlight the high standard they provide. They include ISO 9001, ISO 14001 and ISO 27001 however ADISA is the the highest standard that is specifically carved out to audit the IT disposal process and data destruction methods.
Why is this Unique?
Gigacycle’s unique selling point is their offering of a free secure IT disposal service that clients can trust. They are offering a premium service with premium accreditations, free of charge. Using Gigacycle’s own fleet of vehicles, businesses in the UK are able to benefit from this service which has been praised by local councils and organisations.
About ADISA
Launched in 2010, the ADISA Industry Standards for companies who participate in IT asset recovery now extends into the world of leasing, logistics and repair centres, as well as the well-established IT disposal Standard. The ADISA Standard is recognised by DIPCOG, which is a NCSC (National Cyber Security Centre, formerly CESG) and Ministry of Defence committee, as being an industry Standard of Merit. The ADISA Certification gives clients reassurance that their ITAD partner operates to the highest industry standards, reflecting current best practice for handling data carrying assets.
“I’m delighted to welcome Gigacycle onto the ADISA certification programme. Their initial audit was very clean indeed and is testament to the hard work Gigacycle has put in since we first met 3 years ago. I look forward to working with the team at Gigacycle to help them drive their business forward”.
Steve Mellings – ADISA
Resources
Our list of accreditation and certifications is below:
Our list of accreditation and certifications is below:
Contact
You can call us on 0800 024 2476, email us on [email protected], visit us at https://www.gigacycle.co.uk or book a meeting with us in Trafford Park, Manchester.
Terms and Conditions (“Terms”)
Last updated: July 05, 2017
Please read these Terms and Conditions (“Terms”, “Terms and Conditions”) carefully before using the https://www.gigacycle.co.uk website (the “Computer Recycling Service”) operated by Gigacycle Computer Recycling (“us”, “we”, or “our”).
Your access to and use of the Computer Recycling Service is conditioned on your acceptance of and compliance with these Terms. These Terms apply to all visitors, users and others who access or use the Computer Recycling Service.
By accessing or using the Computer Recycling Service you agree to be bound by these Terms. If you disagree with any part of the terms then you may not access the Computer Recycling Service. This Terms & Conditions agreement is licensed to Gigacycle Computer Recycling.
Links To Other Web Sites
Our Computer Recycling Service may contain links to third-party web sites or Computer Recycling Services that are not owned or controlled by Gigacycle Computer Recycling.
Gigacycle Computer Recycling has no control over, and assumes no responsibility for, the content, privacy policies, or practices of any third party web sites or Computer Recycling Services. You further acknowledge and agree that Gigacycle Computer Recycling shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with use of or reliance on any such content, goods or Computer Recycling Services available on or through any such web sites or Computer Recycling Services.
We strongly advise you to read the terms and conditions and privacy policies of any third-party web sites or Computer Recycling Services that you visit.
Termination
We may terminate or suspend access to our Computer Recycling Service immediately, without prior notice or liability, for any reason whatsoever, including without limitation if you breach the Terms.
All provisions of the Terms which by their nature should survive termination shall survive termination, including, without limitation, ownership provisions, warranty disclaimers, indemnity and limitations of liability.
Governing Law
These Terms shall be governed and construed in accordance with the laws of United Kingdom, without regard to its conflict of law provisions.
Our failure to enforce any right or provision of these Terms will not be considered a waiver of those rights. If any provision of these Terms is held to be invalid or unenforceable by a court, the remaining provisions of these Terms will remain in effect. These Terms constitute the entire agreement between us regarding our Computer Recycling Service, and supersede and replace any prior agreements we might have between us regarding the Computer Recycling Service.
Changes
We reserve the right, at our sole discretion, to modify or replace these Terms at any time. If a revision is material we will try to provide at least 15 days’ notice prior to any new terms taking effect. What constitutes a material change will be determined at our sole discretion.
By continuing to access or use our Computer Recycling Service after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Computer Recycling Service.
Contact Us
If you have any questions about these Terms, please contact us.
Basic Service Policy
Through the website (Gigacycle.co.uk) we (Gigacycle) provide an online platform for our clients to book IT recycling collections. By making a booking through Gigacycle, you do not enter into a direct (legally binding) contractual relationship with our company from the point at which a booking is made.
Our computer recycling Computer Recycling Services are available for personal and commercial use. Therefore, you are not allowed to reproduce the Computer Recycling Services we offer elsewhere without prior authorisation from a director.
Our computer recycling rates are highly competitive. All prices on the Gigacycle website are displayed excluding VAT.
Gigacycle takes your privacy seriously. Our offline SLA details how we handle your data.
The basic computer recycling Computer Recycling Services offered are free of charge, as long as the minimum quantity of major items such as desktops, laptops and monitors are met.
After a booking for computer recycling is made your collection will be placed in a queue and we will always contact you to confirm. After a computer recycling collection has been confirmed by both the waste producer and waste carrier the producer is subject to a cancellation fee for cancellations within 24 hours of the collection date.
The fee for premium NCSC data erasure will be detailed in the written agreement signed prior to the computer recycling collection.
Payment is safely and securely processed through your SagePay, PayPal or through your bank via BACS. Gigacycle will require a remittance statement to confirm successful payment before your computer recycling collection is made.
By accepting a booking confirmation for computer recycling from Gigacycle, you accept and agree to the Gigacycle cancellation policy detailed in the written computer recycling SLA provided by Gigacycle.
For chargeable collections Gigacycle requires payment prior to your collection date.
If you are offered a free computer recycling cancellation policy will remain valid and charges may be associated with a late cancellation.