Navigating the compliance landscape
Navigating the world of regulations can feel like trying to solve a Rubik’s Cube blindfolded. But don’t worry—we’re here to help you crack the code and stay compliant with ease. Let’s take a look at some key regulations and how we can help you meet them.
How do we help you meet regulations?
Let’s break it down!
ISO 27001
Data security is not just a buzzword, but a necessity for many providers of digital and physical services to your customers. ISO 27001 provides a framework for organizations to manage and protect sensitive information assets by establishing, implementing, maintaining, and improving an information security management system (ISMS). This helps to reduce the risk of data breaches and cyberattacks through a systematic, risk-based approach to information security.
Article A.9.2.6
This one says you need to make sure any sensitive data or licensed software is wiped clean from equipment before you toss it out. No sneaky data left behind!
Article 10.7.2
Media (like hard drives or USBs) must be disposed of securely when they’re no longer needed. Think of it as a digital shredder for your data.
Article 11.7.1
You need a formal policy to protect against risks when using mobile devices. Because losing your laptop shouldn’t mean losing your mind.
If you don’t have a secure data erasure solution with erasure certificates in place, you’re not ISO compliant.
DORA
The Digital Operational Resilience Act (DORA) is like the bodyguard of financial data.
DORA harmonizes rules on cybersecurity and information and communication technology (ICT) risk management for a wide range of financial entities, including requirements for robust risk management, testing, incident reporting, and stricter oversight of critical ICT third-party providers.
Article 11.2
This section requires you to remotely manage and wipe data from endpoint devices. Yes, remotely—because sometimes you need to clean up a mess from afar.
Article 11.2.f.i, 11.2.g, and 11.2.h
These articles emphasize securely deleting data you no longer need and safely disposing of storage devices. No old data hanging around like a bad smell.
If you don’t have a secure erasure solution that works remotely, you’re not DORA compliant.
GDPR
The GDPR is the European Union’s General Data Protection Regulation, a comprehensive data privacy law that came into effect in 2018, giving individuals greater control over their personal data and imposing strict obligations on organizations that collect and process it. Norway, a member of the European Economic Area (EEA), is also bound by the GDPR, which regulates the processing of personal data and provides individuals with rights like access, rectification, and erasure of their data.
What is the GDPR?
It’s the strongest privacy and security law globally, updating previous data protection directives.
It establishes a single, consistent set of rules for data protection across the EU and the EEA.
What it covers:
Personal Data: Any information that can identify a natural person, including names, addresses, email, IP addresses, and even biometric or genetic data.
Data Processing: The collection, storage, transfer, and other handling of personal data.
International Transfers: Rules for transferring personal data outside the EU/EEA.
Who it applies to:
Any organization, regardless of location, that collects or processes the personal data of EU/EEA residents.
Data controllers (who determine the purpose and means of processing) and processors (who process data on behalf of controllers).
Key principles and individual rights:
The GDPR is based on principles like lawfulness, fairness, transparency, data minimization, accuracy, purpose limitation, and accountability. Individuals have the right to:
Access: Get information about their personal data.
Rectification: Correct inaccurate data.
Erasure: Request their data be deleted.
Object: Prevent processing for specific purposes, such as marketing.
GDPR is all about giving individuals control over their data.
Here’s how we help you stay on the right side of the law
Right to Erasure
Also known as the “right to be forgotten,” this means you need to completely and securely delete personal data when requested. No traces, no excuses.
Data Minimization
Don’t keep data longer than necessary. When it’s time to say goodbye, make sure it’s gone for good.
Audit Trails
We help you create verifiable records of data erasure, so you can prove compliance during audits. Think of it as your digital paper trail.
Secure data erasure isn’t a nice-to-have—it’s a must-have for GDPR compliance.
NIST SP 800-88
NIST Special Publication (SP) 800-88, “Guidelines for Media Sanitization,” is a U.S. government document that provides a framework for securely and permanently removing data from storage media. Originally created for federal agencies, the guidelines are now the benchmark for media sanitization in the private sector and are widely adopted internationally.
Clear
This method involves applying logical techniques to all user-addressable storage locations to sanitize data.
Technique: Overwriting the media with a new value or using a factory reset command.
Protection level: Provides a moderate level of data protection against simple, non-invasive data recovery techniques.
Best for: Media that will be reused within the same organization.
Purge
This method employs more rigorous physical or logical techniques to make data recovery infeasible, even with state-of-the-art laboratory techniques.
Techniques:
Degaussing: For magnetic media only, this process neutralizes the magnetic field, rendering data unreadable.
Cryptographic Erase (CE): For media that support it, this method overwrites or zeroes out the media encryption keys, making the data permanently inaccessible.
Protection level: Offers a more thorough level of sanitization than the Clear method.
Best for: Media that will be released from organizational control.
Destroy
This is the most thorough method and involves the physical destruction of the media to make data recovery impossible.
Techniques: Shredding, incinerating, pulverizing, or melting the storage device.
Protection level: Renders the media permanently incapable of storing data.
Best for: The highest-sensitivity data or for media that cannot be cleared or purged.
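To make the difference between the Clear and Purge methods above concrete, here is an added simulation (not code from this page's vendor or from NIST) of a self-encrypting drive: Clear overwrites every user-addressable location, while Cryptographic Erase leaves the stored ciphertext untouched and zeroes the media encryption key (MEK). The per-sector keystream is a toy SHA-256 construction standing in for the AES-XTS a real drive would use; the class name, the 16-byte sector size and the sample record are all constructed for the demo.

```python
import hashlib
import secrets

SECTOR = 16  # bytes per user-addressable location (tiny, constructed for the demo)


class SimulatedSED:
    """In-memory model of a self-encrypting drive: only ciphertext is ever stored."""

    def __init__(self, sectors: int):
        self.sectors = sectors
        self.mek = secrets.token_bytes(32)            # media encryption key
        self.store = [bytes(SECTOR)] * sectors        # user-addressable locations

    def _keystream(self, lba: int) -> bytes:
        # Toy per-sector keystream derived from the MEK; a real drive uses AES-XTS.
        return hashlib.sha256(self.mek + lba.to_bytes(8, "big")).digest()[:SECTOR]

    def write(self, lba: int, data: bytes) -> None:
        data = data.ljust(SECTOR, b"\0")[:SECTOR]
        self.store[lba] = bytes(a ^ b for a, b in zip(data, self._keystream(lba)))

    def read(self, lba: int) -> bytes:
        return bytes(a ^ b for a, b in zip(self.store[lba], self._keystream(lba)))

    def clear(self, pattern: bytes = b"\0") -> dict:
        """Clear: overwrite every user-addressable location with a new value."""
        for lba in range(self.sectors):
            self.write(lba, pattern * SECTOR)
        return {"method": "Clear/overwrite", "locations": self.sectors}

    def cryptographic_erase(self) -> dict:
        """Purge: zero the MEK; ciphertext stays on the media but is unrecoverable."""
        self.mek = bytes(32)
        return {"method": "Purge/Cryptographic Erase", "locations": self.sectors}


def run_ce_demo() -> dict:
    """Write a record, purge by CE, and show the bytes on media did not change."""
    dev = SimulatedSED(sectors=4)
    pii = b"Alice,1985-06-01"                        # constructed 16-byte sample record
    dev.write(0, pii)
    before = dev.read(0)
    ciphertext = dev.store[0]
    record = dev.cryptographic_erase()               # the audit record for this purge
    return {"before": before, "after": dev.read(0),
            "ciphertext_unchanged": dev.store[0] == ciphertext, "record": record}
```

After the erase, an attacker with full access to the stored sectors holds only ciphertext for a key that no longer exists, which is why the page lists CE under Purge rather than Clear.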