We talk a lot about the process of data cleansing at Blue Sheep. That is, removing erroneous or deliberately inaccurate form field data, correcting out-of-date information, merging duplicates, screening against suppressions and so on.
Not only does the data cleansing process ensure that marketing can create more relevant messages and operate more efficiently (as you’re no longer wasting budget or time communicating with the wrong people), cleaner data helps mitigate your risks when staying compliant with the forthcoming UK Data Protection Bill (known as GDPR elsewhere in Europe).
Having a data governance process in place ensures that you are not contacting those customers who have not given you their consent, as well as make it more straightforward for you supply those with the information you hold on them should they make a Data Subject Access Request (SAR).
However, cleansing is one thing. What about erasing the personal data you are no longer legally allowed to hold? Such are the demands of GDPR when it comes to using and processing data, it can be easy to overlook some of the other equally important requirements. Namely, the ability to fulfil the “right to be forgotten”.
This is where individuals can insist that an organisation “erases all personal data concerning him or her without undue delay”. This deletion needs to documented, with a certificate to prove erasure. This record will be required should regulators wish to audit your data records to confirm legal compliance to ‘right to be forgotten’ requests.
This process is called data sanitisation and, at the risk of sounding something of a data hipster, you’ve probably never heard of it. In fact, 64% of IT professionals worldwide were not able to identify the correct definition what 'data sanitisation' is.
To raise awareness, the recently founded International Data Sanitization Consortium (IDSC) has helpfully offered theirs, which is:
“The process of deliberately, permanently and irreversibly removing or destroying the data stored on a memory device to make it unrecoverable. A device that has been sanitized has no usable residual data, and even with the assistance of advanced forensic tools, the data will never be recovered.”
The IDSC suggest its best practice methods for the permanent erasure of personal data records are:
Quite literally, destroying hard drives or other storage media devices, by placing them in mechanical shredders. Or, by ‘degaussing’ them, which is wiping the data storage devices with powerful magnets.
This requires using encryption software that erases the key needed to decrypt personal data. This effectively makes data impossible to recover. However, as this often means that the data remains on the storage device, the software used might not be considered compliant to regulations.
This is software that securely overwrites data on a storage device, rendering it unrecoverable. It must have a verified overwriting methodology and produce a certificate to confirm the erasure has been successful.
Methods such as data deletion, reformatting disk drives or factory resetting a device are not considered proper. Methods like data wiping and file shredding will also not be valid, as neither provide proof that the data has been erased. These approaches also leave data vulnerable to hacking or data breaches (another big GDPR issue). You can read a full list of the proper and improper data sanitisation methods here.
With implementation of the UK Data Protection Bill/ GDPR on May 25, 2018, creeping ever closer, time is running out to ensure that your data collection processes and marketing practices will conform to new legislation. A Single Customer View marketing database from Blue Sheep is the ideal solution for ensuring that customer data is accessible in one place, audited, encrypted and primed for sanitisation when required.
Blue Sheep Single Customer View
Consolidate all your data into one Single Customer View for GDPR best practice. Fulfil Subject Access Requests and comply with the ‘right to be forgotten’ by removing all your data silos. Act now to be ready for May 2018. Fill out the form below and we will be happy to discuss your requirements.