GDPR Compliance

The new General Data Protection Regulation (GDPR) enforces stricter standards for the collection, storage and disposal of consumer data. With stricter regulations come harsher penalties. Secure data disposal has never been more essential.

For those found to be non-compliant, penalties can reach up to twenty million euros.

The Regulation applies to both data controllers and data processors (those offering disposal services, ITAD). To show compliance, both parties must maintain records of data destruction.

In 2012 NHS Surrey failed to ensure their IT asset disposal partners wiped patient information from old devices which were later sold at an auction. Several hard drives still contained confidential patient data. As a result, the ICO issued the Surrey NHS with a fine of £2000,000.

In December 2017 Canadian NCIX filed for bankruptcy and auctioned off equipment from their server farm. Because of poor data disposal protocols, they released over 238,00 payment card details, invoices, customers’ IDs, bills, customer names, addresses, email addresses, phone numbers, IP addresses, and unsalted MD5 hashed passwords, to name a few.

I’ll delete the offending files and the job’s done, right?

Unfortunately, the answer is no.

When you delete a file, its contents aren’t removed from the hard drive. Instead, the sectors where the file was stored are marked as “unused”, and the system will later write new data over them. Until then, recovery tools can retrieve that data, and malware can be hidden in those spaces on your disk.

Wiping the drive from the operating system doesn’t do the trick either, because of how modern machines are built. Memory chips go bad fast, so modern SSDs (Solid State Drives) are built with a surplus. A 100GB SSD could have 124GB of storage, but the extra capacity is not accessible to the system. Instead, the drive itself uses this extra space to save your data.

This space is the problem when wiping an SSD as some data and malware may still be present in memory cells that the operating system can’t access.

Well, you have my attention now – so what’s the solution?

The only way to ensure complete data erasure is to use specialised software. These tools use firmware and logical overwrite patterns to erase the memory cells of Solid State Drives (SSDs), replacing all data with zeros and ones in all sectors of the device. In doing so, they make the data on the storage device irrecoverable and achieve sanitization.
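To make the spare-area problem and the firmware-level fix concrete, here is an added example (not code from this article or from any vendor) that simulates a drive with 100 host-visible pages and 124 physical pages. The `ToySSD` class, its garbage-collection policy and the `PATIENT-` sample records are assumptions constructed for illustration; real SSD firmware is far more complex.

```python
# Toy flash translation layer (FTL): a simplified model, not real SSD firmware.
ERASED = b"\xff" * 16  # constructed 16-byte page size

class ToySSD:
    def __init__(self, logical_pages=100, physical_pages=124):
        self.logical_pages = logical_pages
        self.phys = [ERASED] * physical_pages    # raw flash cells
        self.map = {}                            # logical page -> physical page
        self.free = list(range(physical_pages))  # erased pages ready for writes
        self.stale = []                          # superseded pages not yet erased

    def write(self, lpn, data):
        """Host write: flash is not overwritten in place, a fresh page is used."""
        if not self.free:
            self._garbage_collect()
        ppn = self.free.pop(0)
        self.phys[ppn] = data.ljust(16, b"\x00")[:16]
        if lpn in self.map:
            self.stale.append(self.map[lpn])     # old copy stays in flash for now
        self.map[lpn] = ppn

    def read(self, lpn):
        return self.phys[self.map[lpn]] if lpn in self.map else ERASED

    def _garbage_collect(self):
        # Assumed policy: reclaim stale pages only when no free page is left.
        for ppn in self.stale:
            self.phys[ppn] = ERASED
        self.free, self.stale = self.stale, []

    def host_wipe(self):
        # What an OS-level wipe can do: overwrite every page it can address.
        for lpn in range(self.logical_pages):
            self.write(lpn, b"\x00" * 16)

    def firmware_erase(self):
        # Modelled firmware erase: clears every physical page, spare area included.
        self.__init__(self.logical_pages, len(self.phys))

    def residue(self, marker):
        # Chip-level view: physical pages that still contain the marker.
        return [p for p, d in enumerate(self.phys) if marker in d]

def demo():
    ssd = ToySSD()
    for lpn in range(ssd.logical_pages):
        ssd.write(lpn, b"PATIENT-%04d" % lpn)    # constructed sample data
    ssd.host_wipe()
    host_view = [l for l in range(ssd.logical_pages) if b"PATIENT" in ssd.read(l)]
    after_wipe = ssd.residue(b"PATIENT")
    ssd.firmware_erase()
    return host_view, after_wipe, ssd.residue(b"PATIENT")
```

After the host-level wipe the operating system reads back only zeros, yet four physical pages in the model still hold the sample records; only the modelled firmware erase clears them, which is why verification has to look below the level the operating system can address.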

At Cameo, we use industry-leading White Canyon Software, which supports military-grade SSD overwrite patterns, provides verification of the process and issues GDPR-compliant certificates of data destruction.

There are many other ways beyond the scope of this article in which Cameo ensures that our managed Secure Data Disposal services are bulletproof.

Contact our Revenue Team to find out how we can help your business today!