Why GDPR is not just Y2K all over again, and what you can do about it, from Veritas’ Horgan
29 November 2017
Some people have compared GDPR to the Y2K bug. Behind the comparison, I suspect, is the sense that many organisations felt duped into overspending to fix an overhyped problem then. Both involved IT, both had catchy acronyms, there’s a deadline involved, and everyone’s worried about it.
The similarities end there. With Y2K, the scope of the problem was often unknowable, which is why there was confusion about its consequences. Y2K had a specific, time-related cut-off point of 31 December, 1999. By contrast, everything GDPR requires is in black and white. Compliance with it will be an ongoing process, not a once-off target to hit: 25 May 2018 is just the date when authorities will start enforcing the regulation.
To understand business readiness for that date, Veritas spoke to 900 business decision makers globally, and published the findings in our Veritas 2017 GDPR Report. It showed 31% of enterprises claim they already conform to the regulation’s key requirements. Conversely, 69% of enterprises are not prepared, with less than a year to enforcement.
Yet many respondents who say they meet GDPR requirements gave follow-up answers suggesting they are unlikely to be fully compliant. For example, 48% of this group lack full visibility over identifying personal data loss incidents. That is despite GDPR’s requirement to ensure appropriate technological protection and organisational measures to establish if a personal data breach has occurred.
More than 60% of those saying they are GDPR-ready admit their organisation struggles to identify and report a personal data breach within 72 hours. Yet failing to do so could be classified as a major violation of the regulation.
Our report found that only one in 10 enterprises believe they are responsible for ensuring GDPR compliance of data in the cloud. This is a false assumption. Even when using an external service provider to store or process data – and no matter if that data is in the private or public cloud, or on premise – it remains the responsibility of the organisation to ensure the data is protected.
Veritas 360 Data Management suite is suitable for all company sizes and, combined with the expertise of our professional advisors, specifically addresses the key areas in the regulation. The first step in GDPR compliance is gaining visibility into the personal data you hold. Our Data Insight and Information Map solutions help to alleviate the challenges of Article 30 in the regulation.
Under GDPR Articles 15, 16, 17, 18 and 20, EU residents can request to see all their personal data and ask that it be corrected, moved or deleted. Our e-Discovery Platform forensically enhances your ability to respond to these requests rapidly.
GDPR requires you to keep personal data for only the amount of time related to the reason you hold it. Veritas Enterprise Vault, Data Insight, and Access apply appropriate retention policies that automate deletion, as specified in Articles 5, 17 and 32.
GDPR requires you to protect personal data from damage, loss or breach as per Articles 5, 25, 32, 33, 34, and 35. NetBackup, Backup Exec, Data Insight, InfoScale, VRP and finally Access help our customers establish transparency into their data protection and security processes – ensuring they can fulfil audits and compliance requests. To meet GDPR’s requirement to uncover data breaches and the 72-hour notification window, investigative tools like Data Insight and Enterprise Vault can spot risky behaviours.
Lastly, being able to monitor your personal company data, ensuring continual adherence to GDPR standards – as covered in Articles 5, 15, 16, 17, 18, 20, 24, 35, 42, 44 and 45 – is hugely important. Our Enterprise Vault and Data Insight are a critical part of our customers’ journey in remaining GDPR compliant.
It is unfortunate the issue has become inseparable from hype and a lot of unnecessary noise. The GDPR’s aim is to ensure organisations take data protection seriously. Veritas’ 360 Data Management for GDPR delivers an enterprise-ready compliance solution that accounts for the regulation’s strictest guidelines and arms customers with a confident governance approach.
Alan Horgan, VP of EMEA sales, Veritas