Any organization that handles personal data relating to individuals located in the EU will be strictly obliged to review, and potentially overhaul nearly all of their information management processes
The EU General Data Protection Regulation aims to catapult data protection into the era of big data and cloud computing, ensuring that data protection is a fundamental basic right uniformly and consistently regulated throughout Europe. Any company that serves European customers and collects their data will have to abide by this law - even companies based and handling that personal data outside Europe.
The regulation empowers the Data Privacy Authorities in Europe to impose fines for serious infringements of up to 4 percent of annual worldwide turnover or 20 million Euro, whichever is the greater. The magnitude of fines that can be levied virtually ensures that data privacy will become a board-level issue, as non-compliance with the GDPR presents a significant financial and business risk.
“The GDPR is the biggest change to data protection laws in almost 20 years. People and businesses will profit from clear rules that are fit for the digital age and give strong protection,” said Matthew Ellard, Senior Vice President, EMEA at Veritas. “Any organization that handles personal data relating to individuals located in the EU will be obligated to review their information management processes. Veritas is committed to helping them to get control over their data, gain visibility and insights, so they can demonstrate compliance to GDPR.”
The regulation will be enforced in May 2018, so businesses have two years to prepare for the GDPR. A business that finishes this task earlier will not only benefit from getting their data under control - stronger information management will help them to use their storage resources more efficiently and to win valuable insight into the data they are storing.
Hoarding Culture Creates Dark Data
The GDPR introduces new principles like “the right to be forgotten” and notification obligations. Therefore in certain circumstances, a company must completely erase personal data within a certain period if a user requires it. Also individuals affected by a data breach must be notified without undue delay if any of their personal information has leaked into the wrong hands and that leakage presents a serious threat to their rights and freedoms.
Unfortunately most companies don't understand the composition of about half of the data they are storing. According to recent research from the Global Databerg Report, 52% of all information currently stored and processed by organizations around the world is considered ‘dark’ data, whose makeup is unknown. This lack of visibility will make it hard for organizations to find the right data quickly.
Turning on the Lights
To moderate their risk, companies will have to understand their data including the significant portions of dark data that are stored in a fragmented way across on premises and cloud infrastructure. Veritas provides solutions and services to illuminate dark data by:
- Visibility into Unstructured Data - Information Map, a cloud native application, helps ensure companies have better visibility into their unstructured data. Information Map gleans metadata from NetBackup and presents it in a visual navigation tool that helps customers to identify areas of risk, value and waste across their primary content repositories. NetBackup provides backup and recovery for the entire IT infrastructure regardless of platform: virtual, physical and cloud.
- Enforcing and Monitoring Data Governance – Companies need to understand who should be authorized and who is accessing personal data in the corporate file system. This is difficult given the highly fragmented storage environments consisting of file servers, cloud based services, various devices and backups and archives. Data Insight 5.1 from Veritas analyzes unstructured data and the access to it from a user perspective across different store pools including cloud services like Box. The software runs data analytics to facilitate retention management, achieve access compliance, and gain a better understanding of how user risk relates to sensitive data.
- Automatically Classifying Data – For GDPR it will be essential to know where personal data is stored, especially in unstructured formats such as excel documents, presentations, and spreadsheets. This is critical for both protecting the data and also following through on requests to correct and erase personal data. Enterprise Vault 12 delivers a centralized classification framework that simplifies the identification of meaningful or regulated information and allows for the deletion of the non-essential. The archiving software automatically classifies ingested content including emails, files, SharePoint, instant messaging, and social media. As the leading enterprise information archive vendor, Veritas provides customers that already have petabytes of archived information the ability to reclassify it in a manner that helps them to adjust their long-term information-retention policies to new regulations like the GDPR.