GDPR Ready Basics: Regular USB Drives Leave You Out of GDPR Compliance

GDPR applies to EU and non-EU companies that handle EU citizen’s data.

Starting May 25, 2018

Regular USB Drives are Dirty Data Hoarders and expose your organization to GDPR fines when lost or stolen.

It is a known fact that regular USB drives create Portable Shadow Data. A regular USB drive hoards all data that you store on it, never removing anything until it absolutely has to. There is no acid-wash used when you delete a file or empty the trash can, not even when you quick format a regular USB drive – all the data is still there. This leaves a standard USB drive with not only traces of what has been stored on it, but in many cases full copies.
A regular USB drive is the definition of a dirty disk, full of yesterday’s and last year’s files, and there are no systems that keep track of what has been stored on a regular USB drive during its entire lifespan so there is no telling what is really on a regular USB drive. Therefore if lost or stolen the question is not only: Was there sensitive data on the device? But also: Was there at any point in time, sensitive data on the device? If any of these question are yes, you have 72 hours to act under the new GDPR regulation, or be subject to significant fines and penalties.

Software encryption on regular USB drives make matters worse as it gives users a false sense of compliance.

Software encryption can be enforced on your network, but it is not possible to prevent the user from removing the software encryption from a regular USB drive. The return transport of data to your network is left in the hands of your users. If they have misunderstood the instructions you will be left non-compliant and vulnerable. This means you are exposed and that your budget has been spent on a false promise.

Hardware encrypted USB drives help users into compliance.

Unlike software encryption, hardware encryption on secure USB drives is automatic, always on, can not be disabled because there is a crypto processor built inside the device. When the user reconnects the device they can access their data by entering the complex password. Because the hardware encryption process is handled automatically, there is no risk of user error or data corruption.

To simply secure your data, DataLocker uses military-grade AES 256-bit hardware encryption for all DataLocker secure USB flash drives. Utilizing hardware encrypted DataLocker drives will not only save you from potential vulnerabilities of software encryption, but also protect your data against brute-force attacks, ransomware, cold boot attacks, and other malware.

Centrally Managed secure USB drives will give you the best compliance solution.

To make sure your organization’s data is kept safe, providing the users with secure USB drives is a good start. However a central management solution will make sure that all risks of losing data are eliminated and provide powerful productivity tools.
With DataLocker Central Management platforms, achieve compliance for USB storage usage with full control, enforcing password policies, remote password resets, and audits protecting your data, your mobile workforce, and organization.


Get proof of compliance with a complete audit trail by user, including connections, login failures, resets and loss reports.


Enforce policies such as file-type restrictions, password rules, or geographic boundaries.


Monitor all your encrypted endpoints, including their location anywhere in the world.

McAfee Anti-Malware

Protect data with a built-in anti-malware that scans/removes malware detected on the device and receive real-time reporting through central management.

Secure data on the move with DataLocker encrypted solutions and become compliant with GDPR regulations. See why thousands of enterprises choose DataLocker to help protect their most sensitive information.

To understand the problems and find promising solutions for your organizations, downlaod our White Paper on GDPR and Infographic PDF version:

GDPR – Whitepaper
GDPR – Infographic