In one year, the General Data Protection Regulation (GDPR) will become law in the European Union (EU). This regulation is the strictest personal data privacy regulation in the world, and it will impact anyone doing business in Europe or having business involving European citizens. The GDPR requires businesses to visibly protect confidential information – and places strict penalties on businesses that experience a data breach. The intentions of the law are positive but will pose a challenge for many companies. Not only are the penalties strict, but they are significant: fines of up to four percent of global gross turnover or €20 million – whichever is greater.
I think it’s safe to say that companies will soon have 20 million reasons to make sure their data is secure.
A business can only be GDPR compliant if it knows:
- What data is being collected?
- How and where that data is used? And finally…
- Who is sharing the data?
If that sounds simple, you are likely not the one responsible for data inside your company. The reality is that it's no easy feat; companies struggle with foundational data issues every day. Beyond knowing what data they have, they also need to move it securely and make sure it complies with regulations and laws. Can the data be recovered if it gets lost or attacked? How are you getting value from your data?
If that’s not enough to keep you up at night, look at the increasing and changing infrastructure and applications that house and create much of your data. It’s everywhere – from traditional, public and private cloud to long-time applications, new SaaS applications and the array of micro-apps being created.
Historically, many organizations have had a fragmented set of systems running across their data needs. This makes it difficult to ensure compliance with regulations like GDPR.
Unfortunately, there’s more. Another important change GDPR is enforcing is that businesses must proactively govern all third parties that process information. That adds yet another layer of complexity into the data mix. You must know where your data is, how it’s being processed and stored, and who is controlling and processing it.
To do business in a GDPR world, you need a foundation for your data – and that foundation must be rock solid. Only then can you be compliant.
GDPR is one year away. Who is minding your data?