In November 2016, the Conference of the Federal and State Data Protection Commissioners in Germany adopted the Standard Data Protection Model: A Concept for Inspection and Consultation on the Basis of Unified Protection Goals (SDM).
When Does the SDM Go Into Effect?
Last month (April 2017), German data protection authorities (DPAs) published an English version of the text, with an international version of the regulation coming soon. DPAs are currently reviewing the text, and the final version is expected to be published later in 2017.
What Does the SDM Include?
The Standard Data Protection Model outlines a wide range of data security measures and creates a methodology for putting the data security requirements of the EU General Data Protection Regulation (GDPR) into practice. It attempts to harmonize how German DPAs review data security measures currently and how they will do so once the EU GDPR goes into effect on May 25, 2018. In its current version, the SDM references the GDPR when it contains references to German legal requirements. The model is applicable until the GDPR comes into effect.
In addition to referencing the EU GDPR, the SDM was also created to help companies plan, implement and review their current security measures. It also structures legal requirements around data protection goals, such as integrity, availability, minimization, transparency and confidentiality, among others.
How Can Blancco Help?
Blancco helps organizations achieve compliance with several data privacy and security regulations and guidelines, including SOX, PCI DSS and HIPAA. We can also help with specific sections of the SDM, including:
|Section of the Regulation|How Blancco Can Help|
|---|---|
|7.1 Data Minimization: “Implementation of automatic blocking and erasure routines…”|Blancco Data Eraser solutions completely and permanently remove data from LUNs, virtual machines, removable media, drives, computers and mobile devices before they are recycled, reused or resold, helping you meet SDM and EU GDPR requirements. Blancco Data Eraser solutions can be automated and implemented onsite or remotely.|
|“…Typical measures to guarantee intervenability are: Operational possibilities to compile, consistently correct, block and erase all data stored with regard to any one person.”|Blancco Management Console helps organizations manage all data erasure licenses in one location to have complete visibility of erasure activities. The cloud-based console can be accessed remotely from any location. Our tamper-proof erasure reports help organizations prove regulatory compliance requirements with a 100% audit trail.|