GDPR. Four letters that change everything. Are you ready?

GDPR. Four letters that change everything. Are you ready?

The EU General Data Protection Regulation (GDPR) – which takes effect May 25th, 2018 - is the most significant and comprehensive global data privacy regulation ever developed. It presents any organization that collects personally identifiable information of EU citizens with two choices: Ensure sensitive customer data is kept secure and protected or face severe financial penalties and damaging reputational consequences.

Key challenges presented by GDPR

  • Increasing complexity to ensure compliance – CIOs are already dealing with how to keep their business protected and their data secure in the context of an evolving threat landscape.  But the scope of the GDPR substantially increases their data protection obligations and risk profile. Achieving compliance with the GDPR’s requirement for “privacy by design” requires a time-consuming shake up of data security and protection processes which touches every part of the organisation.  Considering the short preparation period, many CIOs are unsure where to start first.
  • Risks, threats and vulnerabilities are growing in both variety and volume – To ensure GDPR compliance, CIOs need to be confident that their IT security and data protection capabilities will address evolving infrastructure threats.  However, they are concerned that they are not protected from malware-infected firmware and that their network security policies are inconsistent.  They also need to ensure that data protection does not become a costly and unreliable bottleneck for their flash workloads and that their mix of hybrid IT infrastructure is available and protected.
  • The stakes are high - GDPR has sharp teeth. Compliance is not an option – it is a requirement. The financial impact and reputational damage of non-compliance changes the risk equation significantly, making data protection an executive boardroom and investor-level concern as opposed to a purely IT issue.  Mandatory breach notification within 72 hours - to regulators and customers - means there is no hiding place for organizations that fail to protect personal data.  The financial penalties for non-compliance can also be prohibitive, resulting in fines of a maximum of up to €20 million or 4% of global annual turnover, whichever is the greater.
  • Time is running out - The deadline for GDPR compliance is only a year away and yet many organizations have failed to begin any work on ensuring that their data protection processes are compliant.  Many customers may not even realize that their current infrastructure security represents a weakness.  Most organizations will struggle to meet the May 25, 2018 deadline. According to Gartner “By the end of 2018, over 50% of companies affected by the GDPR will not be in full compliance with its requirements.”

Key opportunities presented by GDPR

  • GDPR is an opportunity for security and data protection modernisation - View adaptation to the GDPR as an opportunity to transform the way you protect and secure your business. If your server, networking and storage infrastructure is more than 2 years old, it is likely that it will be insufficiently “state of the art” as required by the regulation.  Now is the time to modernize legacy systems and processes! The right data protection and security governance approach delivers not just compliance, but business advantage. Comply with confidence, grow the trust of your customers, and make GDPR a positive differentiator for your business.
  • Secure and Protect Hybrid IT - Ensuring security and protection for your mix of hybrid infrastructure - from traditional and virtualized to private cloud - is critical to powering your new and legacy applications and workloads. Not that long ago organizations deployed security strategies focused on blocking and securing the perimeter, locking down users, access and data. In a hybrid world the perimeter has dissolved.  Your users are interacting with your data and applications in the cloud, on mobile devices and within your network. Deploy a Hybrid IT protection and security solution that enables you to meet any GDPR mandated availability, protection and security service levels for your applications and data - whether it lives on-premises, virtual, hybrid or public cloud.

HPE can help you meet the challenges and the maximise the opportunities presented by GDPR

When it comes to GDPR security and data protection compliance, HPE has your back – providing you with the confidence to confront evolving threats. 

  • Secure your Infrastructure - The GDPR requires that sensitive and private data is secured against both internal and external unauthorized access, disclosure and theft.   HPE server, networking and storage infrastructure has state-of-the-art encryption and breach detection technology designed in, enabling you to secure your IT service delivery platforms.
  • Maximise uptime - prevent outages - The GDPR demands 24x365 availability of information with no tolerance for unplanned downtime for many applications and services.   With HPE 3PAR All-Flash Arrays, you can ensure near continuous availability for applications and infrastructure by eliminating planned and unplanned downtime – within, across and between all-flash data centers.
  • Reduce risk of data loss - ensure rapid recovery - The threat and risk of data loss is growing in both variety and volume - equating to lost revenue, lost productivity and lost reputation.  HPE Data Protection solutions provide a one stop to cover the complete continuum of data protection to meet any service level, any time - whether on-premises, virtual, hybrid or public cloud.

The bottom line

Are you an IT and/or security decision maker who must who must achieve compliance with GDPR or risk severe financial and reputational penalties? HPE can help you with state-of-the art encryption and breach detection technologies that deliver end-to-end server, networking and storage infrastructure which is secure and protected from the start – from edge to core to cloud.

Find Out More

HPE 3PAR All-Flash - Extreme high availability for the All-Flash Data Center
HPE Data Protection - All the protection you need - wherever you need it

Simon Watkins

Simon Watkins  Simon Watkins

WW Product Marketing Manager, Backup, Recovery & Archive (BURA) HPE Storage

Other posts by Simon Watkins

Contact author