Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
After four years of intense debate, scrutiny and political posturing, one of the most sweeping reforms...
There are a myriad of new rules and requirements that need to be considered, covering wide rang...
Veritas Technologies LLC enables organizations to harness the power of their information, w...
Upcoming SlideShare
Loading in …5

The general-data-protection-regulation en (1)


Published on


Published in: Technology
  • Be the first to comment

  • Be the first to like this

The general-data-protection-regulation en (1)

  1. 1. A GLOBAL REGULATION After four years of intense debate, scrutiny and political posturing, one of the most sweeping reforms to European data protection laws is here in the form of the General Data Protection Regulation (GDPR). But its reach goes well beyond the borders of the member states – it will be felt globally. All organizations use personal data, be they public or private, global finance or fashion retailer, and any entity that stores or processes the personal data of an EU citizen will be obliged to conform to the new law, regardless of where they reside. No other ruling comes close to the scale of the GDPR. Its aim is to harmonize and refresh laws that have been in place for over 20 years and bring power and control back to the citizen of their personal data, which in our modern digital world is vital to the global economy. There are many parts to the ruling and non-compliance will be dealt with by heavy financial penalties - ripple effects that could affect brand integrity and reputation. The change is needed. Regional data privacy outside of Europe has for many years taken on a sectorized and vertical approach in businesses like Telecommunications, which has hampered integration with other industries where data plays an intrinsic role, The GDPR is taking the right approach to the protection of privacy with a more horizontal view, across all sectors and geographies. IT’S ABOUT DATA With data at the core of the way modern businesses operate, the form, function and location of it needs to be prioritized. Structured and semi- structured data, residing in databases and transactional systems are self-governing by the nature of their management tools and software. The biggest concern resides in unstructured data which organizations globally have been collecting, storing and hoarding for many years, populated on a multitude of filers, SAN’s, proprietary tape systems and now more prevalently in cloud repositories. Unstructured data is set to be 79% of all stored business data by 2017.1 Technology and collaboration systems have accelerated in performance and scale and allowed us to expand beyond our own ability to control good behavior and governance in what we chose to store or delete. This has lead to us treating our corporate systems as dumping grounds for untagged, unclassified, duplicate and eventually forgotten data which becomes orphaned, stale and at worst – dark. In two recent reports produced by Veritas2 , 52% of data stored by organizations was considered dark and 41% of business data held in the backup environment had not been touched in over 3 years, and 12% not accessed in over 7 years. With the average number of files at 2.3 billion per Petabyte and growing at 39% each year, the risk of holding unnecessary, redundant and potentially non-complaint data increases exponentially. THE GENERAL DATA PROTECTION REGULATION LET THE DATA PRIVACY REVOLUTIONS WORK FOR YOU 1. IDC 2014. 2. Veritas Global Databerg Report and Data Genomics Index
  2. 2. NEW COMPLIANCE OBLIGATIONS There are a myriad of new rules and requirements that need to be considered, covering wide ranging areas such as transparency and breach disclosure, privacy by design, privacy impact assessments and how organizations obtain consent to use personal data. This will challenge all departments involved and the systems that service them. From IT to Marketing to HR, teams that work with customer data and external agencies need to be mindful of the flow and ownership of data and who is ultimately the controller or processor. But the enhanced rights given to citizens over their personal data is set to become a real focus in the ability for them to demand the right to be forgotten and portability around their data. Structured and semi-structured data by their embedded management tools go some way to respond to this. However, for the sea of unstructured data, IT departments and business functions need to design their approach to one of the Ability to be Found, using tools to bring visibility, insight and order to those billions of files and make faster decisions on what should be extracted for value, retained for compliance and searched for discovery in the event of regulatory inquiry or access request. It will not be enough to be compliant by accident and records management, policy and processes will need to be modernized and documented to encompass the breadth of where and what comprises personal data to be removed under request. Former employees photos would seem obvious, and their expenses may need to be kept for legal obligation of financial reporting. But what about tweets put out by the company referencing the former employees? This is where organizations have to take reasonable steps to inform controllers that a data subject has requested the erasure. LEGACYAND BIG DATA Applying these rules as data is collected or created in real time is a task that could be considered practical to apply, but many companies have a ball and chain around their IT neck – their legacy data. A vast amorphous lump of unstructured data that they refuse to let go of, held on assumptions that it must contain value to be extracted at some point in the future or ingested into a Big Data engine to deliver trends or reveal hidden marketing secrets. The reality is much of it is human created ROT – redundant, obsolete or trivial data that should have been eliminated a long time ago, Instead it has been migrated, archived or retained, often losing ownership or critical information around it’s original value or purpose – while still potentially containing data now deemed personally identifiable. Under the new rules, that blanket approach is no longer acceptable as any retention period must be both necessary and proportionate to the purpose under which it was collected. In the case of a merger, acquisition or takeover, where great care and due diligence is taken over the past and potential future financial health of a business, it will become equally important to consider a review of the data within the business and it’s hygiene to ensure no hidden ‘Trojan horses’ breach the new regulations, simply because their existence was not known. Another major consideration that the GDPR brings is giving regulators considerable powers to impose huge financial penalties for non-compliance, with a maximum 4% of global turnover. This could run to the tens of millions of dollars, pounds or euros for serious cases, a huge risk for businesses to consider.
  3. 3. ABOUT VERITAS TECHNOLOGIES LLC Veritas Technologies LLC enables organizations to harness the power of their information, with solutions designed to serve the world’s largest and most complex heterogeneous environments. Veritas works with 86 percent of Fortune 500 companies today, improving data availability and revealing insights to drive competitive advantage. A NEW APPROACH IS NEEDED This is why forward thinking leaders are taking the opportunity to embrace what the GDPR is enforcing and use it to bring together key stakeholders, departments and business functions that formerly operated within silos and align them to review end to end processes, policy and procedures to bring them in line with modern data regulations. By taking a holistic view of information governance they are able to turn the huge amount of unstructured data into available and usable information assets, optimize storage to reduce costs and increase efficiency and better asses their risk and compliance exposure. By gaining visibility and key insights into their entire data estate they can make informed decisions into where orphaned and stale data clog primary systems and take steps to retain what is needed or defensibly delete what is not. They find that not all retained data is equal and employ advanced methods of classification that help drive better policy and business value and ultimately ring-fence customer data at an organizational level. By employing integrated solutions to automate workflow and discovery, a model of proactive information management can be reached, banishing dark data from the organization and unleashing time and resource back into key delivery functions. Changing the attitudes and behaviors of how employees treat corporate systems will allow them to become custodians of corporate information and adopt a culture where bad data is seen as a pollutant to the organization. SUMMARY The GDPR is far reaching, detailed and will involve considerable change to business processes, functions and attitudes towards collecting and processing data. Embracing adherence to the GDPR should be seen as an opportunity to reform not just for privacy, but for business agility, IT innovation and brand integrity. Understanding the role and importance of Information Management and Governance in data privacy will be a key success factor for all organizations with EU customers. Veritas enables you to gain visibility, take action and assume control with solutions and services that provide protection, availability, resilience and governance for your most important asset – your data. For specific country offices and contact numbers, please visit our website. V0225 5/16 Veritas Technologies LLC 500 East Middlefield Road Mountain View, CA 94043 USA +1 (650) 527 8000 1 (866) 837 4827 © 2016 Veritas Technologies LLC. All rights reserved. Veritas and the Veritas Logo are trademarks or registered trademarks of Veritas Technologies or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.