GDPR And U.S. Corporations
How WipeDrive Helps You Be Compliant
The General Data Protection Regulation, or GDPR, was passed by the European Union in April 2016 and went into effect on May 25, 2018. It applies to any organization that collect and store personal data, including names, home addresses, phone numbers, emails, and social media posts. Bank and health information, website data, and any personal information stored on a SSD, NVMe and platter-based hard drive are included too, which can be permanently erased using a secure wipe utility such as WipeDrive.
GDPR And U.S. Corporations
European businesses aren’t the only entities impacted by this regulation. Small and large U.S. businesses with websites that receive visits from European residents must comply. These are companies that collect relevant personal data, whether by receiving names and emails for a user to receive—for example, a white paper—or having such information stored on a data-bearing drive.
Therefore, any business that offers goods and services to, and holds personal data of, EU residents must comply with the GDPR. An Ovum global survey report revealed over 70% of businesses expect their budgets to be impacted by the regulations, while over half expect to be fined.
Tips On GDPR Compliance
The new rule enforces the right for people to let companies use private information. People can also make their information no longer accessible. Individuals can decide whether their private information is publicly available or not.
- All forms of data collection are opt-in.
- On forms, describe what the user is signing up for.
- Let the user opt out or unsubscribe as they please.
Penalties For Non-Compliance
The penalties for non-compliance include a fine of up to 4% of annual global turnover (up to €20 million—the maximum fine for the most serious infringements). However, a 2% fine may be enforced if a business has disorderly records or doesn’t notify the appropriate parties of a data breach, including the data subject.
Data Sanitization And GDPR
The GDPR also impacts practices such as drive sanitization, so it may affect many different businesses. These include software, cell phone, rental car, and television companies—in other words, any company with products that may store personal data.
Permanently removing data from a drive can be a challenge. With WipeDrive, data can be effectively and securely removed from hard drives and even removable media and mobile devices. It is compliant with U.S. Department of Defense standard 5220.22-M and the Common Criteria EAL 2+ security standard, among others. With remote wiping and advanced reporting, the software can help your business comply with the latest GDPR rules.
To learn more, call WipeDrive at 801.224.8900, connect on Live Chat, or schedule a webinar today.