Encryption & Data Erasure Are Essential for GDPR Compliance

According to Article 17 and Recital 65 & 66 of the General Data Protection Regulation (GDPR), "A data subject should have the right to have personal data concerning him or her rectified and a ‘right to be forgotten’ where the retention of such data infringes this Regulation or Union or Member State law to which the controller is subject." The controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

• A data subject should have the right to have his or her personal data erased and no longer processed where the personal data are no longer necessary in relation to the purposes for which they are collected or otherwise processed;
• A  data subject has withdrawn his or her consent or objects to the processing of personal data concerning him or her;
• The processing of his or her personal data does not otherwise comply with this Regulation.

According to Article 83, the infringement of the 'Right To Be Forgotten' can lead to fines "up to 20 000 000 EUR, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher". 

• By using BCWipe, data controllers can permanently remove selected files and data remanence beyond forensic recovery.
• By using BCWipe Total WipeOut, controllers can completely erase entire drives for disposal or re-purpose.

Use BCWipe 

GDPR suggests using encryption as a good practice to protect users' data and reduce the risk of data breaches.

Article 34 states that "The communication to the data subject referred to in paragraph 1 shall not be required if ... the controller has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular, those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption ..."

In Article 32, the regulation suggests "the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: (a) the pseudonymization and encryption of personal data."

Article 6 of the regulation emphasizes "the controller shall, in order to ascertain whether processing for another purpose is compatible with the purpose for which the personal data are initially collected, take into account, inter alia: (e) the existence of appropriate safeguards, which may include encryption or pseudonymization."

• BestCrypt Container Encryption for selected files/folders
• BestCrypt Volume Encryption for superior whole disk encryption
• BestCrypt Base for disk encryption that won’t disturb natural workflow - startup and shutdown can work the same as always