When the European Union's General Data Protection Regulation (GDPR) goes into effect in May 2018, it will impact companies worldwide, not just in EU countries. Any company that stores data on EU citizens needs to comply with the regulation, which includes requirements that personal data on EU citizens can only be used for agreed purposes, citizens can review their data and request it to be deleted or corrected, and any breaches need to be reported within 72 hours.
Failing to meet those requirements can lead to major fines of up to €20 million or 4% of revenue. Yet with the deadline rapidly approaching, many companies are less prepared for this change than they think they are.
Veritas conducted a survey and found that close to two-thirds of respondents admitted they weren't in conformance with the requirements. Of the 31% that said they were prepared, questions that probed further found that only 2% were actually in compliance. Most of the organizations that thought they were in compliance can't report breaches within 72 hours, and many can't handle the requirement to search for user-specific data and delete or correct it.
The Right Tools Help Achieve GDPR Compliance
One reason many businesses are struggling to comply with GDPR is that they simply don't know where all the covered data resides. Personally identifiable information (PII) isn't located just in structured databases; it's also located in spreadsheets on employees' desktops, in emails, in PDF and image files, in audio recordings of customer service interactions, and in other unstructured formats.
To find that information, look for tools such as those from Veritas. Veritas offers an Integrated Classification Engine in its Data Insight and Enterprise Vault products. The engine helps find PII hidden in many data formats, allowing companies to take control of the data and bring it under a GDPR compliance program. It includes more than 100 data patterns, such as passport numbers, social security numbers, and bank account numbers, that can indicate sensitive data. False positives are minimized through confidence scores and review tools. The engine can help companies identify data that needs to comply with other regulatory mandates, such as HIPAA, as well as GDPR.
Once PII is discovered, Enterprise Vault helps companies appropriately manage the sensitive data through tagging files and applying consistent retention policies.
The Right Partner Helps Achieve GDPR Compliance
Because the costs of failing to comply with the GDPR are so significant, it's important for companies that hold personal data of EU citizens to implement effective compliance policies. Choosing the right tools and working with an experienced partner are important decisions that minimize the risk of fines for failure to comply with GDPR.
dcVAST is experienced with the entire Veritas product suite and is a Veritas Technical Support Partner. Our team will help you leverage the Veritas tools to achieve compliance with GDPR along with a deeper understanding of the value and risks of the data you store. Contact us to learn more about how you can use Veritas products to manage your data in compliance with GDPR requirements.