GDPR: Where do I start?
As we engage with our customer base, awareness of General Data Protection Regulation (GDPR) is starting to grow. Most CISOs and CIOs are at least aware of the regulations (and the stiff penalties). They also are becoming aware that compliance with GDPR is about a year out, as the date for compliance is May 25, 2018.
Protecting personal data has always been an important issue in the European Union (EU), especially in the last 20 years. However, the new GDPR takes data protection to an entirely new level. In addition to a new set of legal requirements that necessitate both organizational and technological responses, the GDPR is applicable to almost every organization around the world that collects or processes EU Citizens’ personal data. That means that any business that controls and/or processes personal data of EU citizens falls under the GDPR scope, whether or not that business is located in the EU. Even third-party data service providers or cloud service providers that process data for enterprises that control personal data could also be liable for GDPR penalties.
Got it. Now where do I start?
The GDPR is a long read with 99 articles in fairly dense regulatory text. There are many stakeholders to satisfy, and it can be difficult to map the articles to IT use cases. But most would agree, the #1 challenge is: how to get started.
Here’s how we can help. This week, Hewlett Packard Enterprise (HPE) Software announced the availability of a GDPR Starter Kit, which helps organizations take a critical first step in preparing for GDPR. This bundled set of software solutions assists organizations to automatically identify, classify, and take action to secure information that falls under this regulation.
There are many reasons getting started may be the greatest challenge for many organizations, for example, “data volumes often number in the billions of objects, timeframes are constrained, and determining what falls within these regulations can be cumbersome and complex,” said Joe Garber, vice president marketing, Information Management & Governance, HPE Software, in the press advisory. “The GDPR Starter Kit provides customers with an easily integrated solution set for assessing data, allowing them to take the first step in addressing data and risk management outlined in the regulation.”
The GDPR Starter Kit follows HPE’s earlier launch of a comprehensive GDPR solution portfolio, and aims to provide organizations with streamlined next steps on their paths to compliance.
GDPR Starter Kit Includes:
The GDPR Starter Kit combines world-class software, including HPE ControlPoint, HPE Structured Data Manager, HPE Content Manager and HPE SecureData in bundled solutions to help customers conduct a Personal Data Assessment and optionally encrypt data that is subject to these regulations. This unique combination of classification, information governance, and data security delivers a number of important benefits:
- Automate assessment of structured and unstructured data, which alleviates a traditionally manual, error-prone process.
- Quickly and cost effectively encrypt data to mitigate security breaches.
- Take a critical step toward lifecycle and retention management to enable compliance with additional GDPR articles and corporate governance requirements.
Consulting firm PwC has just released a new GDPR-themed white paper titled, “Technology’s role in data protection – the missing link in GDPR transformation.” This new white paper is a great resource that echoes the Starter Kit’s theme of starting your GDPR journey by assessing your data. The white paper provides a framework for practitioners and regulators on evaluating GDPR technology. At its most fundamental level, it is describing data management best practice in the context of the GDPR, something we advocate, too.