{"id":18608,"date":"2018-10-18T10:55:13","date_gmt":"2018-10-18T14:55:13","guid":{"rendered":"https:\/\/quantumlifecycle.com\/staging\/gdpr-implications-for-data-handling-in-north-america\/"},"modified":"2023-09-06T15:37:05","modified_gmt":"2023-09-06T19:37:05","slug":"gdpr-implications-for-data-handling-in-north-america","status":"publish","type":"post","link":"https:\/\/quantumlifecycle.com\/en_CA\/blog\/gdpr-implications-for-data-handling-in-north-america\/","title":{"rendered":"GDPR: Implications for Data Handling in North America"},"content":{"rendered":"
<p>GDPR is a term that may sound vaguely familiar. The acronym, which stands for General Data Protection Regulation, was all over the news earlier this year. In short, GDPR is a set of rules implemented by the European Union to give EU citizens more control over their personal data. Its creators have called it the most important change in data privacy regulation in 20 years.<\/p>\n<p>The world produces 2.5 quintillion bytes of data a day, and 90 percent of all data has been produced in just the last two years. Research group IDC predicts that by 2025 the world will be creating 163 zettabytes of data a year. (A zettabyte is one trillion gigabytes.) Since just about everyone today has personal data registered with banks, government institutions, healthcare providers, retailers and social media companies, GDPR has big implications for the businesses that collect, analyze and store that data\u2014everyone from the smallest local store all the way to federal governments.<\/p>\n<p>GDPR was created to ensure that organizations that are gathering data do so legally and that there are safeguards in place to protect that data once the consumer has handed it over. While developed in the EU, GDPR applies not only to organizations operating there but also to organizations elsewhere that offer goods or services to customers or businesses in the EU. This ensures a long reach that extends to major corporations no matter where they\u2019re headquartered. With fines for non-compliance of up to 20 million Euros or four percent of annual global revenues, the stakes are higher than they\u2019ve ever been for companies handling personal data.<\/p>\n
<h2>How Does GDPR Relate to Active Servers?<\/h2>\n<p>GDPR obviously impacts the data stored on hard drives. For data stored on an active server, Article 15 of the GDPR guarantees that individuals can obtain their personal data from companies and discover how it\u2019s being used. In order to respond to such subject access requests, organizations must be able to find that data on their active servers. Under Article 17, known as the \u201cright of erasure,\u201d an individual can request erasure of his\/her personal data on one of several grounds and an organization must be able to prove that they can erase data properly and permanently.<\/p>\n<p>The GDPR states that, \u201ccompanies can reduce the probability of a data breach and thus reduce the risk of fines in the future, if they choose to use encryption of personal data.\u201d Should the worst occur and there is a loss of media containing personal data that is likely to result in a risk of physical, material or non-material damages such as discrimination, identity theft, financial loss or damage to reputation, under GDPR this must be reported to the data protection authorities and would put the company in line for potential fines. As a form of risk management, having a data encryption policy in place is a win for the consumer as well as for the company.<\/p>\n
<h2>How Does GDPR Relate to End-of-Life Drives?<\/h2>\n<p>Once data-bearing devices are scheduled for destruction, companies need to maintain and document a chain of custody throughout the destruction process. Working with a GDPR-compliant secure data destruction provider who can generate an audit trail for each step of data destruction is necessary to prove compliance with GDPR regulations.<\/p>\n
<h2>Where Can I Find a GDPR-Compliant Recycler?<\/h2>\n<p>A GDPR-compliant secure data destruction provider such as Quantum will be fully accredited with relevant credentials such as:<\/p>\n