Legislation and Guidelines
AVG
As you know, everyone is required by the European Union to handle data carefully, the GDPR legislation, this also applies to you. Even if you pass on a used data carrier to a new user, it must first be certified deleted.
https://www.ducorestealth.nl/avg/
NIST 800-88 r1
The NIST 800-88 r1 Guidelines for Media Sanitization provide organizations with instructions on how to effectively wipe storage and mobile devices in a secure and permanent manner (Clear – Purge – Destroy).
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf
NIS1
Since 2016, companies and institutions such as suppliers of water, energy and telecom companies must comply with the NIS1 (Network and Information Security). They are required to improve information security to prevent cyber-attacks
https://www.enisa.europa.eu/topics/cybersecurity-policy/nis-directive-new
NIS2
In May 2022, the European Commission approved the NIS2, a newer version of the NIS1 directive that will apply from 2024. NIS2 goes one step further, all companies (including small SMEs) in Europe that provide essential services must comply with the new cyber security guidelines by 2023. Companies must meet higher requirements and receive more help from the government when they are affected, for example.
https://digital-strategy.ec.europa.eu/en/library/proposal-directive-measures-high-common-level-cybersecurity-across-union