Data is growing exponentially – whether for business or leisure, most activities today will require some form of data that you opt into giving away. This can be basic information, like your name and contact details, or more sensitive information.
Therefore, the likelihood is that your organisation has a lot of data sitting around, much of which is not actively in use anymore or does not legally need to be held anymore. For example, financial records must be held for six years for proper auditing purposes. Afterwards, you are free to dispose of the data. It is important to consistently conduct data audits to understand what data your organisation is storing, why it is being stored and how long you are required to keep it.
Data audits should note where your data lives and where it is going – for example, if it is shared with any third parties. If your business requires personal identifying information to be shared, it should at least be protected through anonymisation or pseudonymisation. Once you have this information, you can minimise the unnecessary data segments you are collecting, streamlining your future processes.
For the data that you no longer need, whether it is now unnecessary for business purposes or out of date, it is important to have a proper data erasure process. It is not enough to drag a file containing this data into the wastebasket and consider it a job well done, as most operating systems won’t fully erase this file from the hard drive. Hackers can still access this information using malware and ransomware, long after it has been forgotten by employees.
Instead, make sure you delete the file and subsequently use a software tool to fully wipe the hard drive or ‘shred’ the file. Though this is more time-consuming, it is the best practice for data erasure, and protects your organisation from cyberattacks and compliance issues.
Though often overlooked, this is a major point of information security – data that is no longer needed must be erased securely. If not, your organisation is vulnerable to easily preventable data breaches and liable under regulations like GDPR. Consequently, it is imperative that your organisation has an in-house data audit and erasure strategy.
This is just one of many risk indicators for GDPR that digital risk management tools like CyDesk collate and analyse. Ahead of the two-year anniversary of GDPR, make sure that your organisation is maintaining compliance and managing its cybersecurity posture.