Reusing ICT with new privacy regulations (GDPR)

April 2, 2018
by
Benjamin Balder Bach

(Scroll down for English)

I FAIR går vi op i at sikre privatliv og anden følsom data. En af hovedaktiviteterne i vores organisation er at overskrive data og dermed sikre, at de ikke falder i de forkerte hænder.

Derfor synes vi også, at GDPR (General Data Protection Regulation) er et tiltag i den rigtige retning. Og som en organisation, der i forvejen behandler persondata, kan vi genkende mange af udfordringerne, som adresseres med GDPR.

GDPR og nye muligheder for indsamling af computere

For det første, har GDPR den umiddelbare konsekvens, at man ikke bare lige kan overdrage harddiske og andre medier til foreninger og forhandlere. Hvis der er ukrypterede persondata på medierne, skal de som udgangspunkt ikke overdrages til tredjepart uden de involverede personers accept. Al ukrypteret persondata skal fjernes fra media, før de gives videre.

Derfor tilbyder FAIR nu:

Aktiviteterne udføres af erfarne it-professionelle, der arbejder frivilligt. Således har vores projekt hele tiden været muliggjort, og således vil det fortsætte med at være. Alle involverede, der opnår in-house adgang til persondata, underskriver en fortrolighedskontrakt med virksomheden, uanset om de reelt får adgang til data i virksomheden.

Vores prisliste er opdateret for at reflektere denne nye ydelse.

Man behøver selvfølgelig ikke at benytte sig af in-house sletning, hvis man har arbejdsmaskiner uden ukrypterede persondata eller af andre årsager er undtaget GDPR. I så fald slettes udstyr i FAIRs værksted, og dokumentation herom sendes inden for 30 dage.

GDPR og FAIRs øvrige aktiviteter

Nøglebegreberne i GDPR er privacy by design og privacy by default, som vi ønsker at efterleve. For at kunne være en foregangsorganisation for GDPR (fordi vi synes datasikkerhed er vigtigt!) gør vi følgende:

Philip Douglass er i 2018 udpeget som vores første DPO, og alle spørgsmål kan sendes til dpo@fairdanmark.dk

Læs hvordan din virksomheds it-udstyr kan hjælpe skoler i Malawi her >


(English)

FAIR cares about privacy. This follows naturally from our interest in open source and democracy. One of the main activities in our organization is to wipe data from media such that it doesn't fall in the wrong hands.

Therefore, we think the GDPR (General Data Protection Regulation) is a step in the right direction. And as an organization that already processes personal data, we recognize many of the challenges addressed by GDPR.

GDPR and new opportunities for computer collection

Firstly, GDPR has the immediate consequence that you cannot simply transfer ownership of hard drives and other media to associations and dealers. If unencrypted personal data exists on the media, it should not, as a rule, be transferred to third parties without the consent of the persons involved. All unencrypted personal data must be removed from the media before they are passed on.

Therefore, FAIR now offers:

These activities are conducted by experienced IT professionals who work voluntarily and sign a confidentiality contract with the company.

Our price list is updated to reflect this new service.

Of course, you do not need to use in-house sanitization if you have computers without unencrypted personal data or that are exempt from GDPR for other legal reasons. Equipment will always be erased securely at the FAIR workshop and you will receive your data sanitization report within 30 days - business as usual.

GDPR and FAIR's other activities

The key concepts in GDPR are privacy by design and privacy by default. We adhere to those. In order to be a GDPR pioneer (because we think data security is important!), we do the following:

Philip Douglass was appointed as our first DPO in 2018 and all questions can be sent to dpo@fairdanmark.dk

Read more about how we safely handle your company's computers such that they can find new life at schools in Malawi >


A proud volunteer: An interview with Reuben Moyo

A proud volunteer: An interview with Reuben Moyo

Back to blog index