Condusiv Introduces Software Compliance Solution for GDPR "Right to Erasure"
On May 25th of this year, the European Union formally adopted an updated and consolidated set of rules for personal data privacy called the General Data Protection Regulation (GDPR). The regulation applies not only to European companies, but to any firm doing business, in person or online, with a citizen of any of the 28 nations that make up the EU.(1)
Penalties for noncompliance with GDPR are severe: as much as 4% of an offending company's global turnover, up to a total fine of €20 million.(2) A key provision of GDPR is the right to be forgotten (RTBF), which empowers any European citizen to have his or her name and identifying data permanently removed from the archives of any firm holding that data in its possession.
A component of the right to be forgotten is called "right to erasure," which requires that the data be permanently deleted, i.e. irrecoverable. Many affected records consist not of fields or records in a database, but of discrete files in formats such as Excel or Word. What is needed in such a case, is a tool that can recover from incorrect deletions and also, in the case of confirmed valid "right to erasure" requests, permanently delete the record so that it cannot be retrieved. For Windows-based systems, this dual ability is offered by Condusiv's Undelete® product line, which ensures that—up to a point—every deleted file or version of an Office file on a Windows PC or server can easily be restored, even if it was deleted before Undelete was installed.
In the case of a data security issue such as a confirmed "right to erasure" request, however, Undelete's SecureDelete® feature will overwrite the file to help ensure it is unrecoverable, using specific bit patterns specified for this purpose by the US National Security Agency. A second feature, "Wipe Free Space," will overwrite any free space on a selected volume, using the same specific bit patterns as SecureDelete to clear out any previously written data in that free space.
1. Palmer, Danny, "What is GDPR? Everything you need to know about the new general data protection regulations," zdnet.com, May 23, 2018.
2. "Fines and Penalties." GDPR EUorg, http://www.gdpreu.org/compliance/fines-and-penalties/.