The last time you disposed of your company laptop, phone, computer, or any other device, are you sure that the data that was contained in these gadgets was completely inaccessible? If this data ever got in the wrong hands, GDPR indicates that your organization will be responsible for the damage. While the data might appear useless, remember that 16.2% of all data uploaded on devices by employees is sensitive and subject to manipulation if it ever lands in the wrong hands. These files contain names of clients, their social security numbers, home addresses, and phone numbers, among other details. Before disposing of computer gadgets, you must be certain of secure data destruction in line with GDPR guidelines.
General Data Protection Regulation
Enacted in 2017, General Data Protection Regulation-GDPR has provided rules to guide the process of disposing of data when disposing gadgets or when they are at the end of their lifespan. The guidelines on destruction focus on elimination, erasure, and clearing digital content. Destruction is also classified as data processing and involves three steps.
i. Data Acquisition and Processing Controls
The step involves identifying data collection points in your organization and implementing policies that guarantee control over the data. The data owner must have full control of how much information is provided and what happens to the data. For instance, he must be notified in case the data is shared with third parties.
The customer must have the right and option of ordering the deletion and destruction of data once the primary transaction is complete. The permissions and rights extend to browsing history and sales records. In the case of future interaction, new information will be provided.
The role of the organization is to train its employees on data handling and create awareness of regulatory requirements. Each organization should develop an internal data acquisition, processing, management, and destruction policy. The policy should be aligned to GDPR then localized to address your unique needs.
Employees and all persons who will be handling the data must understand the consequences of breaching these regulations. Remind employees and all persons handling data that each stolen record will cost at least $242. Calculate the cost of each record you are holding for your clients.
As an organization, you have the obligation of carrying out a data audit regularly. The audit helps you to establish the data in your possession, how long you have held the data, where it comes from, and when it is updated. Consider data in electronic as well as physical form, like documents.
Audit data access protocols and realign this access based on changing needs. How do you transfer data to third party suppliers, for example, and how is it handled. Where do you keep your data and are you guaranteed of its security?
ii. Secure Erasing of Old Data
Once you are done with a customer or a one-off transaction, GDPR demands that the data be destroyed unless you have express permission to withhold it. According to experts at secure data destruction service, pressing the delete button does not mean that the data has been erased. Data miners with malicious intent will still access the data and use it for other purposes using advanced software.
Some of the common data destruction methods like magnetic destruction and reformatting old drives do not provide a guarantee that the data has been erased. In case the data is accessed by malicious persons and used for the wrong reasons, you will still bear the responsibility.
A data collecting or data processing organization must develop methods that will guarantee complete destruction. Since every organization cannot have a data destruction unit, the best solution is to find customized data erasure solutions based on the amount of data you handle and the frequency required for destruction. Data erasure and destruction service providers are experienced and have the gadgets to ensure total destruction. The contract signed also ensures that they take responsibility for any breach that may happen in the course of destruction.
iii. Data Hardware Destruction
Though it comes with its disadvantages like the loss of the value for the hardware, it is the most certain data destruction method. If the hard disk is destroyed, you will be sure that the data it contains will be inaccessible. Physical destruction dismantles the hardware in such a way that it cannot be useful again, regardless of future advances in technology.
Shredding, crushing, and incineration are the best physical destruction methods. Not only is the disk unreadable, but it will also be unusable. The extent of damage is such that it cannot be reassembled. This is a foolproof way of ensuring total compliance.
Cloud Data Destruction
Data stored in the cloud is impossible for you to destroy because the physical infrastructure is not under your control. 31% of clients leave the destruction to the cloud managers without even bothering to inform them or take the measures provided. To guarantee safety, review the cloud engagement contract, and pay attention to the data destruction clause.
Compliance is Not a Choice
When all is said and done, it does not matter whether you comply or not. Customer confidence in your data handling, employee awareness, and playing your part in the data destruction equation will be your saving grace. Data destruction services protect you from the catastrophic compensations and penalties could herald the end of your business.
Comments