Data Destruction and Customer Data Protection Policy

Effective Date: May 2023

1. Introduction

Inter Ethiopia Solutions (IES) is dedicated to safeguarding the confidentiality, integrity, and availability of all physical and electronic data assets throughout their lifecycle. This policy provides guidelines for the secure destruction of data to prevent unauthorized access and to ensure regulatory compliance.

2. Scope

This policy applies to all employees, contractors, and third-party service providers of IES who may handle or have access to data intended for destruction.

3. Policy Objectives

– Data Security: Ensure the complete destruction of data to prevent unauthorized recovery or disclosure.
– Compliance: Adhere to applicable legal, regulatory, and contractual obligations related to data destruction.
– Sustainability: Promote environmentally responsible methods for disposing of data and related materials.

4. Definitions

– Data Destruction: The process of destroying data stored on electronic media so that it is completely unreadable and cannot be reconstructed.
– Data Sanitization: The process of permanently and irreversibly removing or destroying the data stored on a memory device to protect sensitive information.
– Chain of Custody: The chronological documentation that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical and electronic data.

5. Data Destruction Methods

– Electronic Data: Use of software tools that overwrite existing information with nonsensical data multiple times.
– Physical Data: Physical destruction of data storage devices through shredding, crushing, or incineration, rendering them unusable and irrecoverable.

6. Procedures

– Collection: Data intended for destruction must be collected in a secure manner and logged by the responsible team.

– Transportation: Data must be transported securely to the destruction facility. The transport process must be documented, maintaining a chain of custody.

– Destruction Process: The destruction of data must be carried out in a secure and controlled environment. Each destruction batch must be documented, and a Certificate of Destruction issued.

– Recycling: Post-destruction, materials should be disposed of or recycled in compliance with environmental laws and regulations.

7. Roles and Responsibilities

– Data Protection Officer (DPO): Oversees data protection strategies, compliance with data protection laws, and management of data destruction processes.
– Employees: Ensure compliance with this policy during the handling and destruction of data.
– IT Department: Implement and maintain technical measures to manage data destruction effectively.

8. Compliance and Monitoring

Regular audits will be conducted to ensure compliance with this policy. Non-compliance detected during audits will be addressed promptly.

9. Training

All relevant employees and third-party providers will receive training on this policy to ensure clear understanding and effective implementation.

10. Incident Reporting

Any security breaches or incidents related to data destruction must be immediately reported to the DPO.

11. Policy Review and Update

This policy will be reviewed annually and updated as necessary to comply with new laws and technologies.

12. Contact Information

For questions or more information regarding this policy, please contact:


Data Protection Officer (DPO)


Phone: +251911238865

13. Acknowledgement

All employees and relevant third parties must acknowledge that they have read and understood this policy and agree to comply with its terms.