Why Deleting Data Doesn’t Meet GDPR’s Data Destruction Guidelines
When it comes to data, there’s a fine line between deletion and destruction. Under many of the major privacy laws, organizations are obligated to “delete” or “erase” data, while consumers are granted the right to be forgotten. The problem? Deleted data isn’t really gone.
According to ZDNet, 59 percent of used or refurbished hard drives contain data from the previous owner, which includes data that was deleted and eventually recovered. Here’s what you need to do in order to ensure that the data you “delete” is really gone.
What’s Wrong With Deletion?
In short, deletion is temporary and destruction is permanent. Unsurprisingly, the latter is far more likely to truly ensure data privacy.
Many of the functions individuals and organizations use to delete data leave it in a form where it can reappear under certain circumstances. For a business that has to comply with data privacy regulations, this means that data deleted at a consumer's request could remain exposed to potential breaches, a major liability for consumers and companies alike.
How Can You “Destroy” Data?
Of course, it's not as simple as clicking a "destroy" button instead. True destruction of data requires exhaustive knowledge of where the data lives, and where it can linger after deletion.
To do this, you need to be proactive. When collecting consumer data, be sure to take note of any sensitive data that the consumer may want to delete in the future. For this type of data, take extra care to track where it is stored. Minimizing copies of sensitive data is the best way to ensure that it doesn’t live anywhere unchecked.
For data that your organization has already collected, be sure to consider every possible location. Don't just delete it from your main database. Check individual hard drives, laptops, desktops and cloud storage. Destroying data doesn't just mean deleting it digitally. Some data may have been recorded in paper files, so make sure that those are properly disposed of too.
The best way to do this is to establish a data auditing protocol within your company and also with any third parties with which you share or sell data. Upon transfer, request a list of everywhere the data is stored, the purposes for storage, and how it is being used. If you are consistently engaged, it is much easier to guarantee a deletion process that truly erases the risk of exposure.
In fact, data destruction is something your organization should have a clear policy for. The best practice is to only keep data for as long as you need it, so that when the consumer requests deletion, you can proactively comply. The longer data is unnecessarily kept, the higher the possibility of a discrepancy. If time goes on and corporate data storage policies change, employees will be more likely to overlook certain copies of data upon destruction.
It’s important to be thinking about data destruction when hardware reaches the end of its life. Data isn’t destroyed just because the hardware that used to store it stopped working. It is common for data to reemerge from such devices, so be sure to invest in a process for completely erasing data from end-of-life hardware.
This isn’t just a suggestion. The EU’s General Data Protection Regulation (GDPR) has a step-by-step process for compliant data destruction:
Step One: Implement controls that give data subjects full rights and permission over their data. Give them a practical way to delete all their personal data.
Step Two: Ensure that data is securely erased, beyond deleting it from your operating system or reformatting old drives.
Step Three: Properly destroy or dispose of any hardware on which the data was kept. This can involve shredding, crushing, burning or removing its magnetic drives.
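As an added illustration of Step Two (not code from the original article), the script below overwrites a file's contents in place, fsyncs so the writes reach the device, verifies that the overwrite landed, and only then unlinks; a plain delete skips all of that and merely drops the directory entry. It assumes a magnetic disk with a conventional, non-copy-on-write filesystem; on SSDs, snapshotting or copy-on-write filesystems and cloud block storage, stale copies can survive an in-place overwrite, so whole-device sanitize commands or destroying the encryption key are the appropriate tools there.

```python
import os
import secrets

CHUNK = 1 << 20  # work in 1 MiB pieces so large files do not fill memory


def _fill(f, size: int, make_chunk) -> None:
    """Write `size` bytes produced by make_chunk(n) from offset 0, then fsync."""
    f.seek(0)
    left = size
    while left:
        n = min(CHUNK, left)
        f.write(make_chunk(n))
        left -= n
    f.flush()
    os.fsync(f.fileno())  # push the data out of the page cache to the device


def overwrite_in_place(path: str, passes: int = 1) -> int:
    """Overwrite every byte of the file with random data `passes` times,
    then with zeros, so the result can be checked. Returns the file size."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            _fill(f, size, secrets.token_bytes)
        _fill(f, size, bytes)  # bytes(n) is n zero bytes
    return size


def first_nonzero_offset(path: str) -> int:
    """Return the offset of the first non-zero byte, or -1 if all bytes are zero.

    Reads until EOF rather than trusting os.path.getsize(), so the same check
    can be run over a block device after a whole-disk wipe (size reports as 0).
    """
    offset = 0
    with open(path, "rb") as f:
        while chunk := f.read(CHUNK):
            if chunk.count(0) != len(chunk):
                return offset + next(i for i, b in enumerate(chunk) if b)
            offset += len(chunk)
    return -1


def destroy_file(path: str, passes: int = 1) -> bool:
    """Overwrite, verify the overwrite is readable back as zeros, then unlink.
    Returns False (and keeps the file) if verification fails, so the caller
    never records a destruction that did not actually happen."""
    overwrite_in_place(path, passes)
    if first_nonzero_offset(path) != -1:
        return False
    os.remove(path)
    return True
```

Run `destroy_file` against a sample file to see the difference from `os.remove`: the sample content is unreadable from the file before the directory entry disappears, and the return value records whether verification passed.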
Even if GDPR doesn’t apply to your company, it’s wise to follow this protocol and implement it as a company policy. After all, as more privacy laws sprout and existing ones tighten, it makes more sense to err on the side of caution.