It won't be wrong to say that we are living in the time of data processing. Day in and day out companies around the world are dealing with thousands of forms of data. The question arises as to what do they do with unwanted data? They simply destroy them. However an organization in the UK is expected to follow what are known as, secure data destruction standards, while implementing the process. With several types of data being critical from the secrecy point of view for companies, there is another legislation that is expected to further change things.

Read more about secure data destruction standards

Compliance deadline

The General Data Protection Regulation (GDPR) will be applying from 25th May, 2018 and all the businesses in the UK are expected to comply with the new standards. This is particularly true in the case of IT companies, which deal with tons of data. The new standards have been formulated keeping in mind the increasingly global nature of businesses, as well as a rapidly growing global digital economy. These two factors mean that there is always a chance of data mismanagement or data theft, which in turn mean further tightening of standards.

Collection of personal data

A wide range of personal identifiers are part of the GDPR's definition of 'personal data', which would be collected. Organizations are therefore expected to make note of this key point and rejig their data collection processes. The new GDPR regime will also mean collection of 'sensitive personal data' too. Under the new regulations there are certain types of data such as biometric or genetic data which are categorized under sensitive personal data.

Strict about sensitive data

Using means of analytics software tools companies are known to collect information from individuals or businesses at various points in time. Under the GDPR regulations stricter rules are expected to be enforced. For example, under GDPR any individual user must be provided with detailed information on the kind of data that is being collected and being processed. Similarly, the new regulations state that explicit consent is required for processing certain types of sensitive data. Such changes from the earlier regulations is what makes the compliance process a challenge for companies, particularly those in the IT sector which as mentioned earlier deal with a lot of data.

Overwriting data

When it comes to data disposal methods the new regulations state that thorough details should be kept as part of GDPR compliance. There are several ways in which data destruction is carried out. Overwriting of data, for example is one method, wherein randomly generated data is used to overwrite. Similarly, in some cases data is overwritten using 1s and 0s.

Data destruction using degausser

Another method that is generally used involves the use of a degausser. When the data on a magnetic tape or hard disk is exposed to the powerful magnetic field of a degausser, it gets destroyed. This form of hard drive erasure is part of the standard regulations in several countries and considered a guaranteed method to permanently destroy data.