Summary: This blog covers what you need to know about the General Data Protection Regulation (GDPR), including GDPR’s definition of personal data, GDPR compliance, rules, and penalties, and more. We’ve also provided a secure data erasure solution to help you erase data beyond recovery from your system or hard drive.
All you need to know about GDPR
The countdown has begun for companies to comply with the newly enacted legislation of the European Union. Its aim is to protect the privacy of its citizens. The General Data Protection Regulation (GDPR) aims to provide much better protection than the earlier Data Protection Directive 95/46/EC.
The directive protected the processing of data and was merely a guideline. It required individual members of the Union to enact their own regulations, adhering to the principles of the directive. This created loopholes in the privacy law, and a new unified regulation became necessary.
GDPR, on the contrary, unifies the data protection law across all member states in the European Union. The law’s objective is to solidify the privacy and data protection rights of individuals within the EU and also to streamline the rules applicable to companies operating in the EU. Unlike its predecessor, the new law imposes a hefty fine on companies that don’t abide by the regulation.
The General Data Protection Regulation comes into effect on May 25, 2018. Companies based in Europe or having clients and customers in Europe will come under the purview of this law. This law is applicable to all businesses, irrespective of size.
GDPR’s Definition of Personal Data
As per GDPR, personal data is information that is private, public, or professional. Examples of such data include names, emails, bank details, addresses, medical information, and IP addresses. Photographs and social media posts are also included in the range of personal data, and the regulation applies to them too.
Information collected by law enforcement agencies and national security bodies is exempt from GDPR.
The new law also focuses on companies using algorithms to make decisions. Companies use algorithms with the intention of providing bias-free decisions by eliminating the human factor. However, there has been wide speculation of massive discrimination caused by these algorithms. As per the GDPR, any European Union citizen can legally challenge any decision made for them with algorithms.
What is GDPR Compliance, Rules, and Penalties?
After May 25th, 2018, companies all around the world with operations or customers in the European Union will have to comply with the new law. Below are some of the things companies can expect from customers or can initiate on their own.
- Companies can expect requests from customers to delete their personal data.
- Once information is no longer relevant, companies will have to delete it.
- Information obtained through unfair and unethical means will have to be deleted prior to 25th May 2018.
- Data obtained and used illegally will be required by law to be deleted.
Rules and Penalties
- It might become a requisite for large companies to employ officers to monitor and protect data.
- In the event of a data breach, companies will have to notify the authorities in their region and also inform the customers whose data has been lost.
- Not abiding by the law can result in a massive fine on companies. They might have to pay a fine of €10,000,000 or 2% of their annual turnover. Depending on the seriousness of the case, the fine can be extended to as much as €20,000,000 or 4% of turnover.
The Path Ahead
This step by the EU was inevitable given the lack of data protection laws all around the world. It should not astound you if other countries outside the EU start to tighten their laws. That said, what can a company do now to protect itself from the adverse effects of GDPR?
- The first thing to do is to complete an audit by following the GDPR legal framework. This will help you identify whether your business is adhering to the law.
- Identify and separate out the data of customers from the European Union.
- Identify businesses that are storing and processing this data for you.
- Recognize who has access to this personal information.
- Review the method you use to protect data. Is it encryption, tokenization, or pseudonymization? Measures must be taken before May 25th to protect the data of customers and users.
- Remember to also protect your backup data.
- Keep a record of the measures you have initiated to protect data. This information can be used if you are investigated by the GDPR Supervisory Authority.
- GDPR encourages ‘data protection by design and by default’. What does it mean? It means that data should be automatically protected as and when you obtain it.
Need to Erase Data Permanently
As per Article 17 of GDPR, data subjects have the right to obtain erasure from the data controller. The erasure must be done without undue delay in the following circumstances: the subject withdraws consent for processing and the controller is not lawfully required to keep the data; the subject is a minor; the subject exercises the right to object to data processing, unless the controller is bound by law to keep the data (such as a bank, for 7 years); there is a legal requirement; the controller does not need the data anymore; or the controller or its processor is processing data unlawfully. The regulation mandates that organizations completely erase such data to avoid penalties.
How to Erase Data Permanently?
Due to computational constraints, an operating system does not erase data permanently when you delete data or format a drive; the data remains intact on the drive and can be recovered using data recovery software or by sending the storage drive to an expert data recovery service provider. In order to erase data permanently, the organization that acts as a data controller or a data processor must use data erasure software (a subset of data protection software). Data erasure software helps an organization securely erase a subject’s data beyond recovery. Not only that, this tool helps the organization comply with the GDPR data erasure policy and prevent any punitive fines for noncompliance when investigated or audited by the GDPR Supervisory Authority. The two most reliable data wiping software tools available in the market, which can be used by a compliant organization, are BitRaser for File and BitRaser.
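To make the difference between deleting and erasing concrete, here is an added example (not from the original post and not BitRaser's code) that overwrites a file's contents in place, verifies the final pass, and only then removes it. It assumes a filesystem that rewrites blocks in place, which does not hold for SSDs with wear levelling or copy-on-write filesystems; the names `overwrite_file` and `demo` are hypothetical.

```python
import os
import secrets
import tempfile

CHUNK = 64 * 1024  # overwrite in 64 KiB blocks


def overwrite_file(path, passes=2):
    """Overwrite a file in place, verify the final pass, then unlink it.

    Every pass except the last writes random bytes; the last writes zeros
    so the read-back check has a known pattern to compare against.
    Returns True only if every byte of the final pass verified.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for n in range(passes):
            last = n == passes - 1
            f.seek(0)
            remaining = size
            while remaining:
                step = min(CHUNK, remaining)
                f.write(bytes(step) if last else secrets.token_bytes(step))
                remaining -= step
            f.flush()
            os.fsync(f.fileno())  # ask the OS to push this pass to the device
        # Read-back check: sees the file as the OS presents it, not raw media.
        f.seek(0)
        verified = True
        remaining = size
        while remaining:
            step = min(CHUNK, remaining)
            if f.read(step) != bytes(step):
                verified = False
                break
            remaining -= step
    # Rename first so the name being unlinked is random, not the original.
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)
    os.remove(anon)
    return verified


def demo():
    # Constructed sample record, not real personal data.
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"name=Jane Example;email=jane@example.com\n" * 1000)
    return overwrite_file(path), os.path.exists(path)
```
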
BitRaser File Eraser
BitRaser File Eraser is a highly effective file wipe software for securely deleting specific files of your customers. The software works seamlessly on all versions of Windows, including older versions dating back to 2003. It includes an intuitive and user-friendly GUI, which makes the software very easy to use. Below are some of the highly useful features of the software.
- Includes 3 world-renowned erasure algorithms, including DoD.
- Effectively erases data from mapped drives within the system.
- Supports file systems such as FAT, ExFAT, and NTFS.
- Allows you to erase the system activity with the software to ensure privacy.
- Erase internet activity traces and installed application traces.
- Create an erase list and wipe the files and folders on the list in a single step.
- Provides an option to restrict access to the application with password protection.
Steps to Use BitRaser for File
- Install, run, and launch BitRaser File Eraser
- Go to the ‘Settings’ tab and then choose the erasure algorithm and verification method from the respective drop-downs
- Now click ‘Home’ and then click ‘Erase Files and Folders.’
- On the next screen, select the location where the file(s) you wish to delete reside. You can do that in two ways: either drop the file directly, or use the Add items button to add the file(s).
- After the selection, click on the Erase Now button to erase the selected files.
- Alternatively, you can click on Erase Deleted Data, select the hard drive, and wipe all the contents of the selected volume in one go.
Your files are now erased successfully & securely beyond recovery!
Apart from its usefulness in removing files from a system, the software also eliminates e-waste. Companies use shredders to shred hard drives in an attempt to erase sensitive data. The residue generated from the shredder leads to severe environmental issues. Our software erases the data on a hard drive without requiring it to be destroyed completely. This saves the cost of the hard drive, promotes sustainable use of materials, and allows the drive to be reused.
BitRaser is a Certified and Secure Data Erasure Software. This highly effective data erasure software allows you to wipe 32 drives simultaneously. BitRaser supports 27 international erasure standards, including DoD & NIST, and allows the addition of 5 customized erasure algorithms. BitRaser comes in a convenient USB form factor to facilitate plug and play erasure.
The blog creates awareness about the upcoming General Data Protection Regulation. The right to erasure mandates that all organizations that store and process customers’ data permanently wipe that data under specific circumstances. Merely deleting data or formatting the storage drive won’t remove sensitive data permanently, as it can be easily recovered using a professional data recovery service/software. To securely erase files, a file eraser software, such as BitRaser for File, is mandatory. And to securely wipe storage drives, a drive eraser tool, like BitRaser, is a must. These software packages are quite useful when you intend to repurpose, recycle, or resell data storage devices instead of discarding them, thereby contributing to the safety of the environment by reducing e-waste as well as protecting data in an eco-friendly manner and remaining compliant with the GDPR law. The law affects companies operating in the European Union and those that have clients/customers in the region.