The European Union's new General Data Protection Regulation (GDPR) takes effect on May 25, 2018, aiming to harmonize data privacy laws across EU member states and protect the personal data of EU residents. Any organization that stores or processes EU personal data, regardless of location, must comply with the GDPR. The GDPR requires organizations to be accountable, maintain relevant documentation, limit data storage to necessary purposes only, notify breaches within 72 hours, and respect individuals' rights to access and delete their personal data. Consulting firm dcVAST offers GDPR compliance services including assessing an organization's maturity, mapping and classifying unstructured personal data, and protecting or deleting data as needed.

1. On May 25, 2018, the world’s most sweeping data privacy regulation, the European
Union’s General Data Protection Regulation (GDPR), will become law.
Mitigate your organizations financial risk and exposure due to non-compliance
1319 Butterfield Road, Suite 504 Downers Grove, IL 60515 | 800-4dcVAST (800-445-2786) | www.dcvast.com
Why Should I Care?
The regulation aims to harmonize the 28 member states of the EU and oblige organizations to be more accountable,
transparent and responsible for the data they hold. Any entity that stores or processes the personal data of EU
residents will be obliged to conform to this new law, regardless of where that organization resides.
The GDPR requires comprehensive reform and prompt action with four key mandates to follow:
General Data Protection
Regulation (GDPR) POWERED BY
Who is Accountable?
32% 10% 21% 14% 23%
CIO CDO CISO CEO Other
Inc. Legal
54% of companies haven’t physically done
anything to support GDPR readiness
Potential fines of €20,000,000
or 4% of a Groups $ revenue
Accountability & Governance - Maintain relevant
documentation on data processing activities and
implement measures that demonstrate compliance,
such as audits.
Storage Limitation - Personal data may not be kept
for longer than is necessary for the purposes for
which it was originally obtained.
Breach Notification - A notifiable breach has to
be reported to the relevant supervisory authority
within 72 hours of the organization becoming
aware of it.
Individuals’ Rights - An individual may request the
deletion or removal of personal data when there is
no compelling reason for its continued existence.

2. Adapting to the GDPR will require a different approach than what is done today. dcVAST can help
organizations become GDPR-ready and data-driven.
Data Management for GDPR
1 Pinpoint GDPR Maturity
2 Map & Classify All Unstructured Personal Data
3 Protect & Delete Data as Necessary
1319 Butterfield Road, Suite 504 Downers Grove, IL 60515 | 800-4dcVAST (800-445-2786) | www.dcvast.com
Key Assessment Outputs:
Information Governance Maturity Rating
GDPR - Specific Evaluation and Recommendations
Inputs into the GDPR Business Case/ROI Model
dcVAST can help your organization prepare for the upcoming General Data Privacy Regulation enactment
on May 25, 2018. With dcVAST and Veritas’ Data Insight, organizations can implement an Information
Governance solution that can include:
• Locating and monitoring personal information contained in unstructured data.
• Architect rules for managing unstructured data, such as archiving rules, deletion rules, etc.
• Implement intelligent retention in conjunction with Veritas Enterprise Vault.
• Monitor security access lists to help prevent over-provisioning of object permissions.
• Monitor access trends over time to help detect and document unauthorized access to sensitive information.
dcVAST provides implementation and consulting services
to help organizations prepare for GDPR
For more information or to request a free GDPR Compliance Consultation,
contact dcVAST info.dcvast.com/gdpr-compliance