Call Us Today: 0207 157 9845

GDPR – New data protection regulation with worldwide impact

Specialising in the provision of Backup as a Service and Disaster Recovery as a Service solutions using Rubrik technology.

General Data Protection Regulation – New data protection regulation with worldwide impact

From 25 May 2018, the EU General Data Protection Regulation (GDPR) will affect every UK organisation that processes the personal data of EU residents.  Its aim is to standardise data privacy laws across Europe and protect the data of EU citizens.

More extensive in scope and application than the current Data Protection Act (DPA), the GDPR Regulation extends individuals’ data rights and requires organisations to develop clear policies and procedures to protect personal data and adopt whatever technical and organisational measures are appropriate to identify risks.

The GDPR’s definition of personal data reflects changes in technology and the way companies gather information; it makes it clear that information such as an online identifier, for example an IP address, can be considered as personal data.

Organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater

Key GDPR changes that impact data management and how Rubrik can help meet compliance:

The GDPR introduces a number of key changes for organisations

GDPR changes How Rubrik helps meet compliance
Accountability – the most significant addition, which requires you to show how you comply with data privacy and protection through technical and organisational measures (Article 5).
  1. Rubrik uses just one interface to easily manage the life cycle of data.
  2. Custom reporting available on retention, compliance and capacity.
  3. Reports cover data wherever it resides.
Right to be forgotten (Article 17) – companies are required to delete personal data when this is requested by a person. Rubrik can identify any data to be deleted through its global predictive search. This identifies data wherever it resides.
Defining use cases and managing consent (Article 6) requires businesses to layout a clear use case for collecting data and then deleting it afterwards.  The correct data retention and deletion policies are required.
  1. With Rubrik, is businesses can create retention policies that map to SLAs, as well as identifying which data should receive these policies.
  2. Rubrik automates the implementation of these policies and the reporting then identifies if these are compliant.
Data Protection by Design and Default (Article 25) states that data protection must be designed into the development of business processes from the start.  Article 23 also states that companies should only hold the data which is absolutely essential for the completion of a particular activity and that any access to data must be limited.
  1. Rubrik provides encryption on data at rest and in transit, wherever it resides.
  2. Companies can also define granular control of data via access controls which map specific roles to specific data sets; this ensures that only the right staff have access to specific data.
State of the Art (Articles 25 and 32) recommends that businesses use IT solutions and processes that protect personal data and using well-known data protection solutions helps with this. Rubrik’s data management solution using a unified console helps businesses to easily manage their data, whether it is onsite, at a data centre or in the cloud.
Article 32 -businesses must assess the risk of accessing data and adopt the correct level of security, including being able to restore data. This ability should be tested regularly.
  1. Rubrik enables businesses to use Live Mount and API-first platform to automate file and application recovery, as well as to test their DR plan without interrupting production.
  2. Rubrik stores data in an immutable format, meaning that businesses can recover from any data breach or attack quickly and without data loss, downtime or paying a ransom.
Companies using cloud services must understand what data is stored there, as well as where it is stored and how this storage is compliant. Rubrik enables businesses to customise reporting to analyse what data is stored in the cloud, where it resides and if its storage is compliant.

For further information on how Rubrik can help your business with GDPR compliance, please contact us.