One of the strictest data privacy laws, the GDPR, comes into effect on May 25th, 2018.
The General Data Protection Regulation (GDPR) is almost here, and many organizations are still unprepared to meet the compliance deadline in four short months. In fact, according to a Commvault survey, 87% of surveyed CIOs believe their current policies and procedures leave them exposed to risk under GDPR. Moreover, 58% of surveyed US respondents believe their companies will be fined under GDPR. With only a few months to go, organizations need to evaluate their data and generate a plan to move forward.
Our solution? Building a streamlined foundation for GDPR compliance with centralized data management and retention with Magna5.
What is GDPR?
GDPR will have a huge impact on how organizations collect and manage the personal data of EU residents – even if you’re not located in Europe. No matter the location of your organization, if you aren’t compliant with the new regulation you can face audits and fines up to 20 million euros or 4% of your company’s annual global revenue.
GDPR specifies the processes and technologies organizations must have in place to ensure the personal data of EU residents is secure, accessible, and managed appropriately – only with consent. This strict privacy mandate lays out a number of obligations that must be followed:
- Data Minimization: Collect and keep as little personal data as possible
- Data protection by design: Protect data against misuse at every stage of its lifecycle
- Right to be forgotten: Upon request, data must be deleted
- Data transfer and portability: Upon request, data must be transferred to another provider
- Managing consent: Obtain consent, retain proof of consent and delete data once the use case has ended
- 72-hour breach notification: Notify affected users of the extent of the breach
- Integrity and availability: Following an outage or failure, access to data must be restored quickly
- Accountability: Log and audit trails must be given for all data consents, requests and remedial actions
The biggest struggle with GDPR
Many organizations are finding that their current data consumption and management practices do not meet these obligations, and the new processes are becoming very burdensome to IT professionals. CIOs are struggling to balance consolidation and centralized management with the need to meet and solve related operational challenges by the May 2018 deadline.
The greatest challenge they face is gaining control over the vast amount of unstructured data. How do you ensure compliance across all your data sources – endpoints, email, servers, mobile devices, clouds, applications, analytic tools, dev/test copies, etc.? Just think about how many copies of data might be within your organization and how many authorized users have access to this data. If someone in the EU asks you to delete their data, do you know where it lives? How do you handle these challenges in a holistic way, without having to add the headache of managing multiple pin-point products?
There are so many areas that GDPR affects that it’s hard to even scratch the surface – and unfortunately there is no “magic wand” to make it easier. Organizations have to consider their business choices, processes, and of course technology. To ensure compliance, organizations will likely have to make fundamental changes to the way they look at data collection, storage and management.
Simplify GDPR Compliance with Magna5
Magna5’s data backup and disaster recovery service integrates backup, recovery and archiving in a holistic manner to create a single searchable access point for all your structured and unstructured data – no matter where it is located. With the centralized search and analytics of our deeply integrated software, we can simplify an organization’s data landscape by reducing data exposure, preserving and protecting critical information, and creating a simple and efficient single location to manage compliance.
Zach Cameron, Cloud Services Manager, Magna5, explains, “GDPR is a robust compliance mandate that, unfortunately, cannot be magically fixed for organizations in a snap of a finger – but it can be simplified and made easy with a streamlined solution. Magna5 has partnered with Commvault to offer a deeply integrated data backup and disaster recovery service that not only protects and secures organizations’ critical information – it simplifies the way organizations meet GDPR compliance.” Zach continues, “We are able to use our platform to search for data across all locations, no matter if it is on-premise or in the cloud. We can identify the presence of data, encrypt data, create special retention policies, support the erasure of data, maintain proper redundant data, and maintain reports for audits.”
Magna5’s data backup and disaster recovery solution is powered by best-in-class software from Commvault – a Magic Quadrant leader for 7 years. Commvault software eliminates the need for multiple pin-point products to manage your data while improving operational efficiency. Effective search technology that can identify data across the entire data landscape can help an organization quickly locate and process data as required to meet GDPR compliance.
While GDPR compliance is challenging and is creating data consumption strife for many organizations, there are operational benefits that come with the changes. Once your organization is properly compliant, you can manage data in a valuable and relevant way that can be used to drive improved outcomes, thoughtful analytics and more effective resource utilization. But – before you can reap the benefits, you must tackle the GDPR compliance hurdle.
GDPR will come into effect in a few short months. Is your organization ready? If your organization is still struggling to meet compliance or has questions on where to start, contact the experts at Magna5 today.