GDPR: Centralize unstructured data governance across on-premises and cloud

You had until may 20181 to centralize unstructured data governance across on-premises and cloud

The EU’s General Data Protection Regulation (GDPR) is the most stringent and burdensome privacy mandate in the world. The penalty for major violations can be up to 20 million euros or 4 percent of your company’s annual global revenue.2

This powerful market driver has niche software vendors vying for your attention. The result is a great deal of noise and confusion as CIOs struggle to make intelligent — ideally future proof — investments.

CIOs struggled to balance their desire for consolidation and centralized management with the need to meet the then 2018 deadline and solve the immediate GDPR-related operational challenges. So point products are a great temptation.

The greatest challenge they still face is gaining control over unstructured data. Structured data solutions have built-in compliance management functionality, but how do you ensure compliance across your unstructured data sources? Endpoints? Email? Servers with hundreds or thousands of authorized users? And how do you do this in a holistic way, without adding multiple disparate point products?

The Commvault® Data Platform consolidates critical data protection, compliance and discovery operations into a single unified solution. Know what unstructured data you have, meet GDPR obligations and prove your compliance to regulators. Read on to learn what the Commvault Data Platform can do for you.

Lay a solid foundation for holistic information governance

The Commvault® Data Platform integrates backup, recovery and archiving in a way that creates a single searchable pool of your high-value unstructured information and provides a solid foundation for information governance. It gives you the visibility and control you need to meet a variety of GDPR obligations.

Gain a cross-departmental view of where personal data resides

  • Understand where all personal data lives across your enterprise, allowing you to optimize access controls, consolidate where possible and prioritize your security efforts

Rapid response to data subject requests

  • Employ proactive preservation to minimize or eliminate ad-hoc enterprise crawling and piecemeal collections, and accelerate discovery, production and erasure of personal information

Automation retention policy enforcement

  • Automate the removal of outdated data from endpoints, email, data center sources and your backup and archival copies to ensure enforcement of retention periods

Facilitate data security and privacy enforcement

  • Detect data leakage quickly, minimizing the need to crawl systems and endpoints
  • Remove sensitive data from unauthorized locations
  • Add a layer of protection against ransomware
  • Provide a quick, alternate way to assess exposure in the event of a compromise to give legal stakeholders a leg up on breach notification planning
Commvault Complete™ Backup & Recovery

Commvault Complete™ Backup & Recovery is a single solution to overcoming your compliance, eDiscovery and resilience challenges.


The power of proactive preservation

When you proactively preserve your high-value, high-risk data sources and employee endpoints and email, you create a “data lake” environment that adds value to stakeholders across your organization. You can virtually eliminate the need for the disparate data collections, full disk acquisitions and massive data dumps that drive up the processing and review costs associated with eDiscovery and investigations. Likewise, you can reduce or eliminate your use of third-party sync and share tools and expensive enterprise search platforms. Most or even all relevant data is at your fingertips.

Key CapabilitiesBenefits
Automate retention by employee, data source and/or content. Implement an intelligent compliance retention program that ensures high-value unstructured data is preserved and indexed for continuous accessibility and data with no value is pruned in accordance with your policies.
Full-text indexing of data from endpoints, email, data center sources and cloud Create a single searchable pool of information enabling fast, centralized access and analysis of both production and historic data.
Search advanced metadata via customization services Expand your ability to search classifications and tagging generated by third-party tools.
Automate removal of PII and PCI from data center sourcesAutomate removal of sensitive data, such as personally identifiable information (PII) or payment card industry (PCI) information, employing entity extraction and smart archiving to pull responsive data out of your environment, and block end user recall. Then you can to erase it from backup and production sources.
Federated searchAugment visibility into unstructured data by employing federated search to identify and report on sensitive data locations, and to identify information, employees and data sources that need to be under Commvault® software management.
“Erase” dataEasily comply with mandates, such as the EU GDPR or UK DPA by quickly locating personal data within unstructured data sources, archiving it out of the wild, and then “erasing” it from the Commvault store.
Chain of custodyMaintain an auditable chain of custody, tracking every action taken on files and emails within the system and who accessed them, to demonstrate compliance.
Role-based accessRole-based access for secure multi-party review and collaboration. Give different groups and stakeholders “windows” into the information they need to see.
Export optionsNative format, PST, NSF, HTML, or CAB, and EDRM XML.
Encryption Data is encrypted in transit and at rest.
Virtually unlimited scalabilityWe have a track record of supporting well over 100,000 mailboxes and petabytes of file data.
Deployment optionsOn premises, Cloud, Hybrid and 1, 3, or 7 year SaaS subscriptions are available for endpoint and email compliance retention with tiered per-mailbox pricing.

References

  1. http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
  2. https://iapp.org/news/a/top-10-operational-impacts-of-the-gdpr-part-10-consequences-for-grpr-violations/
  3. https://www.intralinks.com/resources/analyst-reports/ovum-report-data-privacy-laws-cutting-red-tape
  4. https://www.egress.com/en-US/news/cio-research-2016
  5. Carla Arend (2017 March) Five Essential Steps for GDPR Compliance. IDC Opinion