What is GDPR?
General Data Protection Regulations (GDPR) will bring about the biggest change to data since the advent of the internet. In fact, the last time our data protection legislation was reviewed, the internet was in its infancy. File sharing didn’t exist and neither did the cloud.
An update is long overdue.
The problem is, the changes GDPR makes to our responsibility for protecting data calls for a whole new approach to data management. And it applies to legacy data as well as new data. For some companies that means getting to grips with literally petabytes of data.
How will GDPR affect your business?
Right to be forgotten
GDPR gives all individuals the right to be forgotten. So, that company you registered a warranty with three years ago? You could ask them to ‘forget’ you. To delete all the data they hold on you.
Sounds great, unless you’re the company needing to delete the data.
First you need to know what it is and where it is.
Data Discovery solutions can help you to identify specific sets of data amongst thousands of legacy files so you can being to manage this data.
Once you’ve uncovered this data, classifying it and managing will enable you regain control.
Data portability is another right that GDPR confers on individuals. Think back to the number of times you’ve wished your no claims certificate could be shared between insurance companies. Well, this means that you finally have a right to request this happens.
To be able to meet these demands you need to be able to identify and retrieve this data quickly and easily. Data discovery platforms can help you to find data files amongst petabytes of legacy data quickly, easily and accurately.
Once you’ve found your data, Data Classification can help you to identify data labelled ‘sensitive’ so you can ensure it is delivered in an appropriately protected manner.
GDPR specifies very specific circumstances ‘lawful rights for processing’ under which data is allowed to be kept. GDPR also applies to historical data too.
However, to purge your archives of all data that you’re not allowed to retain, you need to understand what data you have, how confidential it is and where it sits. Data discovery platforms and data classification make possible the task of retrieving and deleting those files that you shouldn’t be hanging on to.
Least privileged access
GDPR requires us to protect data. Data can only be fully protected if access is managed effectively.
These days, controlling access effectively means more than just rotating passwords regularly. You need to be able to ensure that data is only accessible to those who need access to it in order to fulfil their responsibilities. A tough task, but IAM platforms can help you to manage passwords effectively and secure data, permitting access only to those with the correct authorisation. They can even help you identify insider threats[link to IAM], but that’s a whole different story.
Overarching responsibility for data
GDPR stipulates that businesses implement measures that ‘meet the principles of data protection by design and default’.
Data classification-driven downstream technologies is a useful tool in effectively protecting your business from data loss and leakage. Alongside the development and application of policies and processes, this can demonstrate that your organisation is taking data protection seriously.
Solutions to help you achieve GDPR compliance
- Data Discovery
- Data Classification
- Identity Access Management
- Monitoring and control platforms
How HANDD can help
We’re not going to promise to remove all of your GDPR woes, but we can help you progress towards compliance.
HANDD’S independent consultants can help take a load off when it comes to finding the right platforms, managing seamless and effective roll outs of platforms that make operating within a GDPR compliant framework possible.
HANDD services include:
- Project Management Compliance (Ensure EU Data Protection Directive and other regulatory compliance mandates are met)
- Environment Discovery – Understanding what it is you are trying to protect, how and where
- Data Loss Prevention Policy Creation
- Help Building Requirements and Managing Product Selection
- System Design, Implementation and Deployment
- Training, Education, Support and Maintenance
For more information on how we can help you achieve GDPR compliance please contact us. You can read more about the specific services provided by HANDD in relation to GDPR compliance below:
DATA CLASSIFICATION & GDPR
Data Classification attributes labels to data to help us identify our personal and important files from the canteen menu and last years’ Christmas party dress code.
Read more »
DATA DISCOVERY & GDPR
Data Discovery solutions can help you uncover long lost data, so you can identify what data needs to be protected, what doesn’t, and where your data is hiding.
Read more »
IDENTITY ACCESS MANAGEMENT & GDPR
Identity Access Management platforms can help you to manage passwords effectively and secure data, permitting access only to those with the correct authorisation.
Read more »
MONITORING & CONTROL FOR GDPR
With hefty penalties for non-compliance, GDPR is revolutionising the responsibilities of organisations to protect the personal information they hold. To deliver against these rights, businesses need to be able to easily store, recall and delete data.
Read more »