Businesses need to urgently prepare for the arrival of EU GDPR compliance regulations, or risk being among the first to be penalised when the regulations take effect in 12 months’ time, according to Commvault.
Corporate complacency is one of the biggest barriers to GDPR compliance, with many organisations yet to implement either suitable processes or technology. With instances of intrusions such as ransomware and leakware on the rise, failure to implement a secure data management platform can result in organisations facing damaging financial penalties.
Pegged as the toughest piece of privacy regulation in the world, and the most significant privacy regulation update since 1995 when the original Data Protection Directive was launched, GDPR was passed in April 2016 and will take effect on May 25, 2018. It is designed to pass the balance of power back to individuals in how their data is processed and has far-reaching implications for any global organisation that manages personal information of EU citizens.
“GDPR has been on the radar of European countries for a while now, but we haven’t seen many organisations actively taking steps to become compliant, so now it is crunch time,” said N. Robert Hammer, chairman, president and CEO, Commvault. “You don’t want to be the company in the first week of June 2018 that is used as the poster child for the harsh reality of the penalties laid out by the regulations.
“There is still plenty of time for organisations to ensure compliance in time for the May 2018 deadline, but they need to move quickly and strategically, and this is where Commvault can help.”
Commvault highlighted that it can help companies meet specific articles and principles of GDPR, including the right to be forgotten, data protection by design and by default, ensuring ongoing confidentiality, integrity, availability and resilience, 72-hour data breach notification, data minimisation principle, data transfers and portability, and more. To tackle these specifications from GDPR, the Commvault Data Platform indexes content from the data that it touches, uniquely providing a single point for organisations to locate Personally Identifiable Information in unstructured data, whether in backups, archives, core enterprise, private and public cloud environments, and also in Endpoint Protection.
The Commvault Data Platform has been built with security in mind and provides organisations with the ability to identify, mitigate and recover from cyber-attacks. Commvault utilises sophisticated intrusion detection software to enable organisations to recognise threats such as ransomware, or the lesser-known leakware, which exposes personal customer data to the public unless a ransom is paid. By being aware of ongoing threats, companies are better able to protect Personally Identifiable Information and maintain GDPR compliance – even when vital systems are under attack.
The GDPR legislation includes the new “data protection officer” concept, which is a role to monitor compliance, and it can be filled by someone from the company staff or by an outsourced vendor. Likewise, companies must adapt their own systems or go for an outsourced approach.