New Delhi, Jan 28 (IANS) As enterprises struggle to understand the importance of data lifecyle where destructing the data is equally important to archiving or retaining it in the systems of on the Cloud, only 43 per cent organisations in India are fully aware of current and upcoming data protection laws, a new report said on Thursday,
While the B2B firms are more prepared than B2C, 80 per cent of organisations have a defined data retention policy, according to a joint report by Deloitte and Blancco, that provides data erasure and mobile device diagnostics software.
According to the report, organisations in India need to ensure that data is irrecoverable upon destruction so that it doesn’t become a liability.
“With more stringent data privacy laws in place, secure and certified methods of data destruction are required to support enterprise compliance and compliance by third-party vendors,” the findings showed.
As organisations across the globe become more customer centric, it becomes inevitable for them to consider new and upcoming privacy laws and standards and include the relevant data disposal and sanitisation practices for their Global Capability Centers (GCCs) in India.
“The digital transformation of enterprises has paved the way for a data-centric ecosystem which enables housing petabytes of personal data on cloud infrastructure and gigabytes of data on endpoints,” Manish Sehgal, Partner, Deloitte India, told IANS.
“Another vital aspect is to securely dispose the data which is no longer required for business purposes and our survey insights show only 32 per cent of organisations produced certification of data removal from solid-state drives at end-of-life,” Sehgal added.
The efficient management of data from its inception through its disposition is the responsibility of all organisations handling the data.
The two critical end stages are the Archive stage, which addresses retention policies and adherence with those policies, and the Dispose stage, which addresses end-of-life data sanitisation of assets or from within active environments.
“With more stringent data privacy laws in place, secure and certified methods of data destruction are required to support enterprise compliance and compliance by third-party vendors,” the report mentioned.
Due to regulatory reasons, the demand for the data protection officer (DPO) is increasing substantially and more and more organisations require this position.
“The majority of organisations do not have consolidated visibilities into their vendors’ data destruction processes, which makes it difficult to comply with relevant regulations and laws,” the report noted.
According to Sehgal, an effective sanitisation at the end-of-data lifecycle, especially the ones collecting and processing personal data is paramount.
“The efficient management of data from its inception through its disposition is the collective responsibility of all organisations handling the data and consumer who need to be educated about being privacy-conscious”.