The document discusses strategies for enterprises to comply with the EU General Data Protection Regulation (GDPR) by effectively managing their data through classification, minimization, and secure handling. It emphasizes the importance of leveraging existing e-discovery practices and technology to streamline data governance, particularly in the context of unstructured data. Key recommendations include conducting content inventories, analyzing backup stores, and utilizing specialized file analysis tools to support GDPR compliance efforts.

1. Building the Governance Ready Enterprise:
How to Comply with the GDPR

2. Gartner:
the
world’s
leading
research
and
advisory
company
“The European Union General Data
Protection Regulation will have a major
impact on how enterprises manage
structured and unstructured content.”
“Infrastructure and operations leaders
should look to existing practices in areas
such as e-discovery, as well as new
technology adoption.”
Gartner Publication: How to Implement File Analysis for GDPR Challenges
Published: 10 October 2017 ID: G00341712

3. Index Engines’ data governance
software implements a workflow to
bring personal data into compliance
with the GDPR".
No other solution can support large
scale data environments which
include both primary storage as
well as data archived in backup.
Classify
Organize data
based on risk
Classify
Organize data
based on risk
Minimize
Eliminate ROT
data
Minimize
Eliminate ROT
data
Search
Search all
data sources
Search
Search all
data sources
Manage
Support
defensible
disposition
Manage
Support
defensible
disposition
Protect
Secure
sensitive
content
Protect
Secure
sensitive
content
Monitor
Audit to GDPR
policy
Monitor
Audit to GDPR
policy
GDPR
Personal
Data
Part 1: Classify & Clean
Part 2: Search & Find
Part 3: Manage & Protect
Part 4: Monitor & Audit

4. Gartner
Recommendations
• Conduct a content inventory to identify
islands of data relevant to GDPR compliance.
• Analyze backup stores, because they're the
greatest challenge when preparing for
events such as GDPR compliance.
• Use file analysis tools that provide a wide
array of capabilities, including classification,
full text indexing and data movement based
on policy.
• Build on and leverage current e-discovery
practices and personnel, and refine in
preparation for GDPR compliance.
• Apply GDPR compliance initiatives to better,
long-term data governance initiatives; this
could include archiving as a means of
responding to other governance events and
regulations.
Gartner Publication: How to Implement File Analysis for GDPR Challenges
Published: 10 October 2017 ID: G00341712

5. Unstructured data storage is mostly
unmanaged and at a cost of $1.6M
per petabyte* is adding
unnecessary complexity and
expense towards GDPR compliance
Index Engines clients can
achieve an ROI by streamlining
data management polices in
support of the GDPR
Companies will spend an average of €1.3 million
($1.4 million) on systems to comply with the
GDPR
*Cost per PB metric from Gartner:
IT Key Metrics Data 2017: Key Infrastructure Measures: Storage Analysis: Current Year Published: 12 December 2016 ID: G00316636

6. Classify Data
Best Practice Workflow
The first step to compliance is quickly classifying all your data into
one of three categories: data with no business value, data clearly
out of scope to the GDPR, and data that may be in scope to the
GDPR. This will take a large data environment and narrow it to a
focused data set that can be easily searched.
Key Product Features:
• High speed, in-place metadata indexing
• Support for unstructured files and email
• Only solution to support backup data
• Comprehensive reporting & analysis
ClassifyClassify
MinimizeMinimize
SearchSearchManageManage
ProtectProtect
MonitorMonitor
GDPR
Data

7. Use metadata to
classify data into logical
categories.
This will create a
focused data set for
GDPR queries
M i g r a t e t o C o l d
S t o r a g e o r P u r g e
40%46%
R O T D a t a
O u t o f S c o p e D a t a
M o n i t o r - I g n o r e f o r G D P R
14%
I n S c o p e D a t a
F o c u s o f G D P R Q u e r i e s
Classify In-Scope Data

8. Data Minimization
Best Practice Workflow
Up to 40% of the data in a typical enterprise can be classified as
ROT. Redundant, trivial and obsolete content is clogging networks
and making the management of personal and sensitive content an
unnecessary challenge. Cleaning out ROT data will streamline
support for the GDPR and also free up budget what will help pay
for GDPR technology.
Key Product Features:
• Analysis of redundant, obsolete & trivial data
• Cloud migration or defensible deletion of ROT
• Streamline data center & reclaim capacity
• Significantly reduce data storage expense
ClassifyClassify
MinimizeMinimize
SearchSearchManageManage
ProtectProtect
MonitorMonitor
GDPR
Data

9. Data
Minimization
ROI
Index Engines allows for
intelligent migration of data
to more cost effective
sources based on policy.
Data that has outlived its
business value, can be
migrated to very low cost
cloud storage or purged.
This includes ex-employee
content or ROT data.
Eliminating this content
from the data center will
deliver significant cost
savings incurred by
managing on premise
storage.

10. Search Data
Best Practice Workflow
The definition of personal data in the regulation is vast.
Implementing a search solution that will ensure you find
everything, even when you don’t know what you are looking for, is
critical. Index Engines delivers the most extensive and
comprehensive search options, including the use of machine
learning algorithms for data that is hidden deep.
Key Product Features:
• Highly efficient content indexing
• Flexible search option to find personal data
• Keyword, Boolean, pattern, conceptual search
• Find data with considerable precision
ClassifyClassify
MinimizeMinimize
SearchSearchManageManage
ProtectProtect
MonitorMonitor
GDPR
Data

11. Don’t Forget
Backup Tapes
For decades, organizations have been storing
personal data in backup images on tapes and disk,
data that is now subject to the GDPR.
Only Index Engines can cost effectively find that data
as easily as it can find online data.
“Enterprises often engage in the long-term retention
of backup, to the point where the data is
unrecoverable or unretrievable in any meaningful
way. Thus, it serves no business or operational
purpose, but creates a potential hazard to GDPR
compliance.” *
*Gartner Publication: How to Implement File Analysis for GDPR Challenges Published: 10 October 2017

12. Data Management
Best Practice Workflow
Once data is classified, tagged and organized, it can easily be
managed. Disposition of content is integrated with Index Engines
and allows for migration, archiving or deletion of content based on
your polices. This supports the GDPR’s requirements to access
and manage personal data.
Key Product Features:
• Integrated disposition: migrate, copy, delete
• Monitor data in place
• Defensible deletion of data with no value
• Integrated archiving of sensitive content
ClassifyClassify
MinimizeMinimize
SearchSearchManageManage
ProtectProtect
MonitorMonitor
GDPR
Data

13. Protect Data
Best Practice Workflow
Most security software will tell you that something happened
after the fact. With Index Engines you can proactively audit your
sensitive content and determine if there are employees who are
able to access or have accessed data they should not. Cleaning up
and securing this data will help prevent data breaches and
manage exposure.
Key Product Features:
• Proactively purge or secure sensitive content
• Monitor activity logs to find rogue users
• Control access to sensitive files via ACL audit
• Be more proactive with sensitive content
ClassifyClassify
MinimizeMinimize
SearchSearchManageManage
ProtectProtect
MonitorMonitor
GDPR
Data

14. Monitor Data
Best Practice Workflow
Organizations will need to show compliance with the GDPR
through the use of technology and sound policies. Index Engines
supports the Data Protection Officer with auditable workflow and
defensible processing of data. This ensures user content will be
continually managed using a reliable and sound methodology.
Key Product Features:
• Automated indexing and classification
• Monitor data in place based on policy
• Schedule and run stored policy queries
• Automated reporting with email notifications
ClassifyClassify
MinimizeMinimize
SearchSearchManageManage
ProtectProtect
MonitorMonitor
GDPR
Data

15. Contact
Index
Engines
Today
 Start small and grow with
upgradable solutions.
 Tap into our Assurance
Program that delivers the
consulting and software
you need to get started.
 Leverage our world class
advisory partners for
reliable and sound advice
 Talk to the experts at
Gartner about Index
Engines
Get the GDPR Playbook here:No other technology can meet the demands of the
EU GDPR and also deliver cost control and ROI www.indexengines.com/GDPR