Piecing it together: Compliant Data Destruction in the new world
White Paper | May 2020
There is no one body of law that governs all aspects of data privacy and data destruction.  Organizations must look to the various laws and regulations that impact this process and ensure they have a compliant process in place.
Like pieces of a puzzle, organizations must navigate the various bodies of laws and regulations to understand their obligations in this new environment.
When analyzing the various laws and regulations that make up the regulatory tsunami, the foundation of compliant data destruction processes comes to light.
Organizations must:
Requirement
Regulatory Source
Always maintain control of data
GDPR, EO 13800, NIST, CCPA, LGPD
Digitally track data (must account w/in 72 hours) 
GDPR, LGPD
Institute risk averse processes and Cyber Security Framework
EO 13800, NIST, CCPA, LGPD
Ensure 3rd party certification
EO 13800, NIST, CCPA
Track, Contain, Dispose, Document, Verify
EO 13800, NIST, CCPA
Media Sanitization Dual Authorization (sanitizer & verifier)
EO 13800, NIST
Destroy within 4 walls
GDPR, EO 13800, NIST, CCPA, LGPD