Updated: Apr 22, 2020

What Is Required for GDPR Compliance?

Passed in 2016, the GDPR redefines what is protected personal information by adding several new categories of data that must be managed securely and be destroyed with routine data destruction. GDPR requirements must be followed when handling personal data of EU citizens and for financial transactions within the EU.

What Personal Identification Information Is Protected by the GDPR?

Some new categories of information were added to the list of protected personal information by the GDPR. These types of personal information must be protected while stored and follow data erasure protocols:

  • Biometric Data
  • Name, Address, and ID numbers
  • Genetic and Health information
  • Race or Ethnic Origi
  • Sexual Orientation
  • Political Affiliations and Opinions
  • Location, IP Address, RFID Tags, and Cookie Data from Webpages

Are Your 3rd-Party Data Partners in Compliance with GDPR?

The regulations require the same level of security at all stages of data management, which means that your 3rd-party vendors and data processing partners must also comply with GDPR requirements. If your cloud storage or drive eraser software is not in compliance, your organization will be judged non-compliant.

Meeting these stringent requirements and providing documentation, should your organization be audited, is important to continue to do business in the European Union. Being certified compliant is a selling point that lets your customers know they can trust your company with their international business.

If you are using a physical data destruction process or manual data deletion now, you may need to review the requirements in detail to make sure that all website data, IP addresses, and biometric data are destroyed as soon as the information is no longer needed for business operations. It is very possible that your current data security practices are leaving gaps through which this newly protected personal information can escape.

WhiteCanyon Software Helps You Be GDPR-Compliant

WhiteCanyon’s WipeDrive software is a business data eraser tool that completely destroys data in a manner that prevents it from being recovered. Very few methods other than physical destruction will wipe your data-bearing drives completely. WipeDrive overwrites existing data and prevents recovery. It meets the stringent requirements of the NCSC and GDPR.

Not only does WhiteCanyon supply the software you need to become GDPR compliant, but the expertise to help you choose the best products that meet the requirements of all the government agencies or countries where you do business. Avoiding fees, fines, or damage to your corporations’ reputation are all reasons to review your data management practices now.

Our team works with high-security government agencies and private organizations around the world to meet the highest levels of security and provide both large and small-scale data destruction solutions and advice. Contact us at 801.224.8900 today to implement the best data erasure software to comply with GDPR.