Despite the European General Data Protection Regulation (GDPR) coming into effect in May 2018, the business community is still coming to terms with the need to prepare for its introduction. One aspect in particular, the ‘right to be forgotten’ or, as it was amended, ‘the right to erasure’, has the very real potential to catch a number of organisations out. Privacy by design is a concept at the very heart of the way data protection is currently viewed in Europe. This includes individuals having the control to demand that businesses erase their personal data, stop the dissemination of their data and halt third-party access to it.
Traditionally, getting rid of data from storage media has been limited to hard drives, old PCs and laptops once they reach the end of their useable lifespan. In today’s increasingly ‘virtual’ world, however, the need to securely erase data has gone way past the physical storage device.
Why should we erase data?
There are several business benefits to putting an end-to-end erasure policy in place, and not simply because of the new focus in revised European legislation.
- Cost – Data storage both physical and virtual is expensive. Being able to erase data securely enables businesses to recycle and re-use storage media without fear of inadvertently placing sensitive data in the hands of others.
- Security – Deletion and erasure are often misunderstood and sometimes thought to be the same thing. It is important for businesses to understand that if data is deleted it is recoverable, but if it is erased properly it is irretrievable.
- Move with the times – The focus on data retention and erasure is not new (PCI DSS, ISO 27001), but as the world becomes more data dependent, the sentiments of more focussed regulations are understandably being applied to the wider world. As the paper shredder was a must-have office appliance in the 1980s, an end-to-end erasure process is imperative today.
The different types of erasure
From mobile devices to hosts of servers to LUN storage, there are many solutions that remove data so that devices can be securely reused, resold or recycled. This can take the form of an online hosted solution such as Kroll Ontrack’s Hosted Erase, or of software that can work on an active storage environment, of which Blancco LUN Erase is an example. At the other end of the spectrum, there are solutions that permanently erase only specific files from a device. There are of course more permanent erasure solutions such as degaussing, which can take magnetic tape storage and render the device completely unreadable (and unusable).
More needs to be done!
Commenting on the increase in demand for erasure solutions, Phil Bridge, Managing Director at Kroll Ontrack, stated:
“Businesses, regardless of size, are facing two kinds of challenges that have driven demand for our data erasure products and services by 446% over the last year. Specific data protection professionals are on the whole well-informed about the new GDPR legislation and requirements and for them the challenge is to bridge the gap between theoretical requirements and the practicalities of implementation – as well as the impact this will have on their respective businesses. Conversely there are still a large number of organisations that have not assigned the tasks associated with data protection within their business, be it to an individual data protection officer or a group of data protection focussed members of staff. For those businesses time is truly running out and they must start preparing now.”