Response 971347

Response to request for information

Reference

971347

Response date

11 November 2022

Request

1. Who is responsible for data protection compliance within your organisation?
2. Do they know who performs the data sanitisation processes for the organisation?
3. Are they aware of the Information Commissioner’s Office approved GDPR certification scheme?
4. If no, would they find these schemes useful to help with their compliance?
5. If yes, do they specify the use of GDPR certification schemes for vendor selection?
6. Do you utilise an ADISA certified ITAD service provider for your IT asset disposal needs? 

Response

1. Who is responsible for data protection compliance within your organisation?

   • All employees at Rushcliffe have a responsibility to ensuring we remain compliant with UK GDPR and Data Protection Act 2018

2. Do they know who performs the data sanitisation processes for the organisation?

   • Data sanitisation is performed by ICT Services once an ICT asset is deemed to be disposed of securely.

3. Are they aware of the Information Commissioner’s Office approved GDPR certification scheme?

   • Yes, which currently include the following:

     • ADISA ICT Asset Recovery Certification 8.0 [ICO-CSC/004:2]
     • Age Check Certification Scheme (ACCS) [ICO - CSC /001]
     • Age Appropriate Design Certification Scheme (AADCS) [ICO - CSC /002]
4. If no, would they find these schemes useful to help with their compliance?

   • None of the above schemes are helpful and would like to see UK GDPR compliance certification programmes be available.

5. If yes, do they specify the use of GDPR certification schemes for vendor selection?

   • Not applicable

6. Do you utilise an ADISA certified ITAD service provider for your IT asset disposal needs? 

   • Yes, we look for this accreditation when appointing recycling suppliers.