APPENDIX

Enterprise Data Sanitization Policy

Introduction

The purpose of this policy is to achieve compliance with regulations, specifically data protection laws, such as the EU General Data Protection Regulation (GDPR), PCI DSS requirements, industry recommendations, ISO standards, and internal policies. This policy also serves to minimize the impact of data breaches and the associated loss of data. It also pertains to environmental, social, and governance (ESG) considerations, where data sanitization assists in the overall targets for contributing to sustainability and the circular economy.

This policy targets both asset lifecycle recommended procedures and data lifecycle management procedures, with reference to data sanitization in the form of data erasure.

Intended Audience

Responsibility for data protection and for applying this data sanitization policy resides with, and this policy is primarily written for, data protection officers (DPOs) or chief information officers (CIOs), chief data officers (CDOs), chief information security officers (CISOs), chief technology officers (CTOs), IT managers, and those with responsibilities related to digital data.

Purpose of Policy

To minimize the organization's risk exposure from data breaches, it is vital to assess the information lifecycle within the business in parallel with analyzing and documenting the asset lifecycle. The following examples should be added to documented work processes and taken into consideration to actively improve data protection.

General Data ...
