UK businesses risking GDPR penalties by not wiping the memory from old IT equipment


In the two months following the introduction of GDPR, 55 per cent of UK businesses, including those in the airfreight and logistics industries, have failed to wipe the memory off redundant IT equipment before disposal.

Despite GDPR (General Data Protection Regulation) legislation having come into effect over four months ago, the majority of UK businesses are now risking penalties by failing to adhere to some of the rules. According to a survey of 1,002 UK workers in full or part-time employment, carried out by, more than half of British companies failed to wipe the data from IT equipment they disposed of in the two months following GDPR.

Matt Royle, marketing director at commented: “Given the amount of publicity around GDPR it is arguably impossible to be unaware or misunderstand the basics of what is required for compliance. So, it is startling to discover just how many businesses are failing to both implement and follow some of the simplest data protection practices.

“The fines involved in a GDPR breach can potentially run into the millions – and what appear to be less tangible impacts, like reputational damage, customer trust and loyalty, will ultimately become financially significant.

“Given these findings, it is clear that more needs to be done to ensure that all businesses have a disposal procedure in place to avoid inadvertently leaking sensitive data.”