Member Article

May the GDPR force be with you

Lightsabers, Stormtroopers and Jedi Knights are making a return to cinema screens as ‘Solo: A Star Wars Story’ launches in the U.S. on 25th May, but this isn’t the only big event happening on this day as the General Data Protection Regulation (GDPR) is also due to come into force across Europe. With many organisations yet to become compliant, they may soon find themselves on the ‘Dark Side’.

To make sure the force is with you, IT industry experts have provided some last minute tips and tricks to ensure that GDPR implementation is a force of good for your organisation this May.

“A long time ago, in a galaxy far away, discussions began in the EU about the need to update data protection laws. Many moons have passed and on May 25th the EU’s mission will be complete. In order to comply with these new laws, organisations must universally deploy strong protection and detection capabilities to protect themselves, their systems and their customers’/employees’/patients’ data against the dark side - or rather cyber criminals” says Luke Brown, VP EMEA at WinMagic.

“Ensuring that data is encrypted wherever it resides – whether that’s on Princess Leia’s iPad, Luke Skywalker’s Lightsaber or the Millennium Falcon’s servers - means that in the event it did get stolen, no–one could profit from, or even understand, that data. Under the new rules of GDPR, any such event would not count as data breach, or a notifiable loss of data, and could save organisations millions of galactic credits.”

Marianne Calder, VP & MD EMEA at Puppet acknowledges, “the introduction of GDPR means businesses of all sizes are having to get smart about how they collect and store data. In ‘A New Hope’ The Rebel Alliance relied on R2-D2 to store important information on the stolen Death Star plans; and in ‘The Force Awakens’ – BB 8 held maps that showed the location of Luke Skywalker. These proved effective ways to store data, but for those looking to comply with the GDPR, more stringent data protection will have to be implemented.

“Managing data correctly will be time-consuming and costly, but automation of policies and procedures can ensure security and compliance in any infrastructure at any scale. In order to demonstrate compliance, it is important to be able to document this process. By automatically creating audit trails across the board, companies will be in a position to present all necessary documentation at any given time. Only then will the GDPR force be with you.”

“The uncertainty around GDPR - combined with the threats of Jabba-sized fines - mean people are still wary of the impending law. But do not fear, for fear is the path to the dark side.” Gijsbert Janssen van Doorn, Technology Evangellist at Zerto advises that “there are platforms out there that use continuous data protection (CDP), that can help you and your fellow Jedi combat and prevent the loss of data and ensure the availability of replicated data for full IT resilience. You may need to migrate all data from one cloud provider to another, in line with what best fits your needs when it comes to compliance and data residency. Uninterrupted operations is possible in this difficult data migration process, but can only be achieved when the IT resiliency plan is easy to implement, easy to test, automated and cloud-friendly. Whether you’re a small business down in Jakku, or a larger enterprise on Tatooine, having an up-to-date, rigorous IT resiliency plan in place can prevent any lasting damage that could occur from a potential breach or loss.”

Tom Harwood, chief product officer and co-founder at Aeriandi states “GDPR will be a force for good, protecting personal data from Imperial misuse throughout the galaxy. Technology will be needed to support the rebellion. Already helping address compliance challenges in the voice space, RegTech solutions will play a crucial role in this rebellion. Just imagine how much personal data is held within contact centre call recordings. With GDPR offering customers new rights to access, view and delete this data, how can companies ensure they can offer this capability? Every business must ensure its contact centre has the best support for storing, archiving and crucially, retrieving call data quickly, following a customer request. They’ll need a ship that made the Kessel run in less than 12 parsecs.”

But Neil Stobart, VP of Global Systems Engineering at Cloudian, shows concern as the 25th May draws close. “You may find my lack of faith disturbing, but the fact is that many organisations aren’t prepared for GDPR. Data gives organisations power, unlimited power! But the new regulations mean that businesses need to be able to pinpoint where specific data is. That’s why, although object storage cannot by itself make you compliant, the temptation of metadata may lead some down the object storage path - but only you can change the storage solution.

“I am no GDPR Jedi, but for me, a simplified checklist would include first ensuring that existing data meets legal guidelines. Also, put an appropriate technology solution in place for data protection so that it will be consistently held in a compliant fashion moving forward. Additionally, make sure the storage solution enables search – so you know exactly what you have – and lets you manage the physical location of data.

“With these, the GDPR force runs strong in your organisation. Pass on what you have learned.”

This was posted in Bdaily's Members' News section by Industry Experts .