Any company that disposes of hazardous waste has a legal obligation to ensure redundant electronic equipment is disposed of in line with new legislation, known as the WEEE Directive.
Every year an estimated 2 million tonnes of WEEE items are discarded by householders and companies in the UK. WEEE includes most products that have a plug or need a battery.
The Waste Electrical and Electronic Equipment Directive (WEEE Directive) became legislation in 2007. The aim of the directive is to reduce the amount of WEEE being disposed of via landfill and promote reuse wherever possible.
Put simply, businesses and organisations can no longer treat WEEE as general waste and should instead implement a policy to ensure that their WEEE is retired in line with the directive. As the process is relatively complex, businesses and organisations almost always engage the services of an external IT disposal company to facilitate the process.
Further information relating to the WEEE Directive is readily available online.
No, this is no longer a legal requirement.
CRT and TFT (flat panel) monitors, laptop screens and fluorescent tubes are classified as hazardous waste. Whilst there are a couple of grey areas, all other equipment can be classified as non-hazardous waste.
The Data Protection Act affects every company or organisation and is arguably the most important element of the disposal process.
The DPA 2018 sets out the framework for data protection law in the UK. It updates and replaces the Data Protection Act 1998, and came into effect on 25 May 2018.
Whilst detailed information is readily available online, it is the seventh principle that is the most relevant when it comes to disposing of your redundant IT assets. In practice, it means you must implement appropriate security measures to prevent the personal data you hold being accidentally or deliberately compromised, both on and away from your premises.
The most common misconception is that the IT disposal company assumes liability for any such data breach once they have collected the equipment. Not true. The reality is that the IT disposal company only assumes responsibility once the customer's equipment is booked into their facility.
Even then, in the event of a data breach, who do you think would be worse off in terms of damage to brand image: a relatively unknown IT disposal company or a household-name organisation?
Even if the IT disposal company holds indemnity insurance (very rare) the damage will already be done.
The principles of the EU GDPR are similar to the DPA, although there are additional requirements and obligations with regard to data storage and data handling, and failure to comply with these new regulations will incur heavy fines and harsh penalties.
It is therefore imperative for UK companies to be aware of these changes and new regulations soon to be implemented.
CDL will ensure that your IT disposal is fully compliant with the GDPR, giving you peace of mind that all data will be handled and disposed of securely and in full compliance with the new regulations.
There are now over 300 registered IT disposal companies, yet fewer than 10% of these can genuinely provide a bona fide secure service and have the accreditations to back this up.
Cost should not be your primary decision-making factor; however, as the industry has become increasingly competitive, you should be able to find a reputable disposal company that can still provide a cost-effective service.
Accrediting bodies such as ADISA are a good source of reputable IT disposal companies as any ADISA member has to pass strict criteria in terms of security and scope of service.
Do they have a Waste Carrier Licence?
Do they have an Environmental Permit?
Do they use their own transport and drivers?
Do they issue appropriate documentation for each collection?
Do they sanitise data to industry recognised standards?
Do they provide detailed asset reports for all equipment collected?
Do they hold ISO 9001 & 14001 accreditation?
Do they hold ISO 27001 accreditation?
Are they certified members of an accredited governing body such as ADISA?
No. We never use agency staff and every element of the process is carried out in house, including shredding and destruction of media. The only element that we forward to an approved partner is equipment that cannot be remarketed and thus has to be recycled.
In many cases we are able to provide a free of charge service. This is possible as equipment can often have residual value that we can use to offset our processing costs and even generate a positive return for our clients.
As a worst-case scenario, we have a quick quote facility on our website, which provides you with an instant quote for collection of up to 10 and 11-25 items respectively. In any eventuality, a member of our team will contact you and confirm if there is any value in your equipment, prior to a collection being completed.
We cover the whole of the UK including Ireland and the Channel Islands. We guarantee collection from any mainland UK location within 5 working days.
No, we can collect anything from a single mouse through to complete data centre decommissioning. We operate a wide fleet of vehicles, from normal panel vans and tail lifts through to a 40-foot lorry.
No, we do all the work for you. Our fleet of vehicles is equipped with appropriate trolleys and containers for removing and storing your equipment.
Equipment does not have to be palletised and can be stored loose or in cages/containers to suit you. We will allocate tail lift vehicles from our fleet where appropriate to cater for larger items such as server racks, copiers, plotters etc.
CDL can supply a range of storage containers from wheeled cages to full shipping containers, to suit you.
Yes, all CDL customers have access to an online customer portal. CDL’s online customer portal can be used to access all reports and details of collections.
Customers can also request a collection through the portal. When a collection request is logged through the portal, your account manager will receive a notification.
Your account manager will then contact you within two hours to confirm a suitable collection date. All CDL’s licences, accreditations, and certificates are also downloadable from the portal.
In order to request access, please follow the link and follow the instructions to register.
Our entire fleet of vehicles is satellite tracked and CCTV equipped in both the cabs and loading areas. All our drivers are enhanced DBS checked and have to follow strict driving protocols. All collections are monitored and managed by our dedicated logistics team.
CDL operates from a 40,000 square foot, purpose-built facility. The entire perimeter is surrounded by 2.4-metre prison mesh fencing.
In addition, the facility is monitored by a further 80+ CCTV cameras which include true day-night motion-detecting cameras on the outside of the building, PTZ cameras on all corners of the perimeter and an ANPR on the industrial estate.
Both the CCTV and comprehensive alarm systems with an external PA system are monitored 24/7 by Select Security, who are based on the same trading estate. All main internal doors are operated via a mag lock system, with restricted staff access as appropriate.
All staff are vetted upon application and only those who can pass a DBS check are invited to interview. Upon starting work at CDL, all employees must pass a comprehensive 2-day induction course, including an online test of understanding.
At that point they are allocated a ‘work buddy’ whom they must work alongside for a minimum of 2 weeks or until deemed competent to work alone, which must be signed off by their team leader.
Employees are only allowed access to the data erase area after their 3-month probation has been completed. In addition to internal CCTV, CDL operates a right to search policy and operates daily random searches.
All Hard Disk Drives (HDD) which are 250GB or above will be erased using White Canyon overwriting software. White Canyon WipeDrive is approved for all mechanical drives and is ADISA approved for Solid State Drives.
It is also the only software approved by the likes of Interpol, Homeland Security, IBM, Microsoft and Cisco. Full accreditation details are available upon request.
A certificate will be produced for every successfully erased hard drive to include the make, model and the serial number of the hard drive.
Any hard drive that fails the data erase process or is less than 250GB will be shredded on-site at CDL. If the original equipment is faulty the drive is removed and physically destroyed.
All loose media is degaussed and/or shredded on-site at CDL.
CDL can offer an on-site media destruction service using our dedicated media destruction vehicle. The vehicle can offer a destruction option for all media types. Full details of this service can be found on CDL’s data capability statement.
All destroyed media will be returned, same day, to our facility under strict security conditions.
CDL holds the following insurances:
• Public Liability £10,000,000
• Employee Liability £10,000,000
• Cyber Security £10,000,000
• Professional Indemnity £500,000
CDL holds the following accreditations and awards:
• Waste Carrier Licence.
• DPA Registered.
• Full Environmental Permit.
• ATF (Authorised Treatment Facility).
• ISO 9001:2015
• ISO 14001:2015
• ISO 27001:2013
• OHSAS 18001:2007
• Secure Data Erase Company of the Year 2017, 2018 & 2019
• Secure Company of the Year 2018
• Computing Security Editors Choice 2019
• Compliance Award Winner 2018
• Halton Business of the Year 2017.
• Halton BID Business of the Year 2018.
• DBS checked staff.
• Safe Contractor accredited.
• Investors in People Silver Accredited.
• ADISA accredited with Distinction (Asset Disposal & Information Security Alliance).
• Members of ICER (Industry Council for Electronic Equipment Recycling).
• NHS Data Security and Protection Toolkit approved and compliant.
You should always ask any prospective company to forward sample documentation prior to engaging with them. You will be amazed at the variance between companies as to content and quality.
Request a site visit. Again, you will be amazed at the difference in setups. A flashy website can hide a multitude of sins. If the company appears reluctant to offer a site visit, look elsewhere.
You don't even have to visit their facility; however, the fact that they are willing for you to view their operations should give you a level of comfort and peace of mind.
Seek references from some of their credible customers, not the local greengrocer. Sounds obvious, but many people simply don't bother.
If a system BIOS has a password it will prevent CDL from sanitising the asset effectively. A BIOS password could deny access to the hard drive, disable boot options for erasing purposes and restrict access to clearing TPM and AMT settings.
Apple systems which have not been removed from the DEP register may download personal data when connected to the internet, even after successful sanitisation of the asset's hard drive.
It is impossible for CDL to check if a system has been removed from a DEP register, and as such this should be an important consideration for the client.