Brand Arrow

GDPR Compliance

GDPR is almost here. And it’s huge. Will you be ready?

Find out what organizations are doing to get ready.

The General Data Protection Regulation (GDPR) is almost here. Will you be ready when the world's strictest data privacy law comes into effect on May 25, 2018? Build a foundation for GDPR compliance now with a centralized approach to data management and retention.

The GDPR will have a huge impact on how you collect and manage the personal data of EU residents, even if you're not located in Europe. With less than one year to go, you need to start developing a plan today — or face audits and fines of up to 20 million euros or 4% of your company's annual global revenue.

87% of surveyed CIOs believe their current policies and procedures leave them exposed to risk under GDPR

Commvault software is a key foundational element for GDPR compliance. We consolidate critical data protection, compliance and discovery operations in one unified solution, giving you visibility into all the personal data you store, whether on-premises or in the cloud. This makes it easy to meet your GDPR obligations — and prove your compliance to regulators.

What is the GDPR?

The GDPR specifies the roles, processes and technologies organizations must have in place to ensure the personal data of EU residents is secure, accessible, is used appropriately and with consent. Its articles and principles set out a number of obligations you may need to address, including:



  • Data protection by design: Protect personal data against misuse at every stage of its lifecycle
  • Data minimization: Collect and keep as little personal data as possible
  • Right to be forgotten: Delete all of an individual's personal data on request
  • Data transfer and portability: Move an individual's personal data to another provider on request
  • Managing consent: Define specific uses cases when obtaining consent, retain proof of consent and delete data once the use case has ended
  • Seventy-two (72) hour breach notification: Determine the extent of a breach and notify the affected users
  • Integrity and availability: Restore access to personal data quickly following an outage or failure
  • Accountability: Log and provide audit trails for all data consents, requests and remedial actions

If you can't meet these requirements, you'll face stiff financial penalties, jeopardize your reputation and lose customers.

The GDPR has far-reaching implications for organizations around the world, not just those in the European Union. Every organization that collects or processes the personal data of EU residents is subject to the GDPR and must comply, no matter where they're located. This includes companies in post-Brexit United Kingdom, the United States and elsewhere.

Learn more about the key GDPR principles you need to know - and five best practices for compliance you can use today.

Data complexity hinders compliance

The biggest challenge in complying with the GDPR is the fact that personal data can be located anywhere. Just think about how many copies of someone's personal data might be spread across your organization:


If an individual asks you to delete their personal data, do you know where it all lives?

How will you ensure compliance with the GDPR across all your unstructured data sources? Laptops, mobile devices and other endpoints? Email? Personal clouds? File servers and content management systems with hundreds or thousands of authorized users? Dev/test copies? Business intelligence and analytics applications?

To comply with the GDPR, you'll likely need to make fundamental changes to the way you look at data collection, storage and management. That will take time, making it important you take steps now to start complying with the new law.

"As a clear message of compliance 'or else,' the guidelines for penalties have been set high enough that just planning on paying the fine is a poor strategy."

- Gartner, "A Platform for GDPR Compliance"

Simplify GDPR compliance with Commvault

Commvault software integrates backup, recovery and archiving in a way that creates a single searchable pool of all your structured and unstructured data, no matter where it's located. By simplifying information governance, Commvault gives you the visibility and control you need to meet your GDPR obligations.

By knowing exactly where personal data lives across your organization, you can:

  • Identify the presence of personal data in all data locations
  • Automate special handling of information with standard data policies (i.e., access control, security, encryption, retention)
  • Support the export and erasure of personal data from all data sources
  • Detect and delete unneeded copies of personal data
  • Maintain an auditable chain of custody on an individual's personal data
  • Understand data leakage risk and speed up data breach analysis

By eliminating the need for multiple point products to manage your data, Commvault software does more than just lay a foundation for GDPR compliance — it also helps you improve operational efficiency, gain business advantage and boost employee productivity.1

Learn More

Here are selections from our resource library, which includes a wide range of videos, customer case studies, datasheets, whitepapers and more to further explain how Commvault can help you make your data work for you.

The Business Benefits of GDPR Readiness

Watch webinar

GDPR: Inside a Data Breach

Watch webinar

GDPR Blogs

Read related blogs