The world's strictest data protection regulations have recently gone into effect. The newest updates to GDPR (General Data Protection Regulation) aim to protect all EU citizens from privacy and data breaches. Every organization that collects and/or processes data from people in the EU is subject to GDPR and needs to comply. GDPR imposes steep penalties for non-compliance whether your organization is based in the European Union or not. Now is the time to ensure your drive retirement process aligns with the new regulations.
The latest changes, in effect starting on May 25, 2018, have widened their scope considerably, both in what data must be protected and in who must take responsibility to protect it. Protected data has been expanded to include everything from the obvious, names and financial data, to things like photos and computer IP addresses. In short, any data that can be used to directly or indirectly identify an individual.
Although this regulation is meant to protect the privacy of citizens of the European Union, its reach is far greater. GDPR applies to any organisation that processes or holds personal data of an EU citizen, regardless of the company’s location or the location where the data was collected. By one estimate, more than 90% of US companies will be affected by the new GDPR regulations.
Now that GDPR is in full force, most companies will need to re-evaluate how they handle personal data at several stages of their business in order to comply. There is one important stage that is often overlooked. What happens to your storage devices when they are no longer in use? This has been a concern for financial institutions and medical providers for some time, but is now becoming a concern for any company that collects or processes any personal data for EU citizens.
When a computer or other storage device reaches its end of life or needs to be reallocated to a new user, special consideration must be paid to what data is left behind. Carelessly disposing of devices can quickly undermine your security strategy and invite a data breach.
Before you throw out or donate old hardware, the best practice is to remove all data from the device. When you remove the data, you remove the risk that it can be accessed for nefarious means. Deleting files and even formatting a drive does not guarantee that the data is really gone. Oftentimes data can be recovered easily with off-the-shelf products. Using WipeDrive to securely erase your device can remove all the data and make it unrecoverable, even under laboratory conditions. In most cases this can be done on site, before the device leaves your building, reducing opportunities for a breach.
GDPR outlines two levels of fines depending on the type of infringement. However, both levels have staggering limits. At the upper level, non-compliance can cost your business up to €20 million ($23.5 US) or 4% of global annual turnover, whichever is greater. Even lower level non-compliance, at about half that penalty, can be painfully high. It is still unclear how aggressively these types of fines will be doled out. What is clear is that data security needs to become a top priority for any business that collects or processes user data from the EU.
Don’t let end-of-life data security slip through the cracks. Correctly and securely destroying data when it is no longer in use could save your organization millions of dollars. WipeDrive can quickly and efficiently sanitize a drive before it ever leaves your facility. WipeDrive is certified by multiple regulatory bodies (EAL4+, ADISA, NCSC, and more) and has been proven to effectively erase a drive such that no data can be retrieved.
WipeDrive’s flexible reporting options allow you to generate and store reports for every wipe performed, providing you with an audit trail. Our adaptable deployment options mean you can wipe a single machine at a time or hundreds of drives at once. The customization of our enterprise-class software will accommodate your specific business needs.
GDPR compliance is a top priority for any business. By following our best practices, you can safely re-use, recycle or donate your IT assets without the risk of sensitive user data falling into the wrong hands.
Contact the WhiteCanyon Sales Team at 801 224-2952 for more on how we can help you reach compliance.