General Data Protection Regulation (GDPR) is Europe’s new framework for data protection laws, the purpose of which is safeguarding the rights of individuals, giving people better access to the information companies hold about them, more control over their personal information and what that data can be used for. It even provides individuals the “Right to Be Forgotten” by having their data erased.
GDPR also obligates businesses to manage and protect consumer data better, or otherwise face stiff fines. It also covers things like requiring consent before data is processed, reporting data breaches and guaranteeing the safe transfer of data across borders.
Although this initiative started in the European Union, any company that markets goods or services to EU residents, regardless of where the company is based, is obligated to comply with the GDPR mandate by May 25, 2018.
Although there is no one-size-fits-all solution to compliance with GDPR, and compliance plans will look different for companies of varying sizes and from differing verticals, there are solutions to help organizations meet the mandate.
One of those solutions is Data Center Infrastructure Management (DCIM) software. Nlyte’s DCIM and Discovery provide the ability to track within the physical infrastructure where the data resides, the means in which the data is transported, how and if it is encrypted, and who has interacted with the data.
The GDPR fundamentals Nlyte’s DCIM solution tracks include:
- Where the critical data is located, geographic location, devices servers/storage/network
- Where the data is replicated, geographic location, devices servers/storage/network
- What, and if, security and encryptions tools are deployed on identified devices and enabled
- Data breach notifications i.e. indicating what “data subjects” data ran on what assets
- Identification of secondary locations of infrastructure for the safe handling of data transporting across borders
Nlyte provides support for processes related directly to many of the specific articles within GDPR, including:
- Article 35 – Data Protection Impact Assessment – Nlyte Workflow captures asset and application names indicating if the system is running or hosting customer data.
- Article 17 – Right to Erasure – Nlyte Asset Management tracks the entire lifecycle of assets that have been used to store or process customer data.
- Article 58 – Investigative Powers – Nlyte’s Asset Optimization and Tracking support compulsory data protection audits.
- Articles 59, 33 and 33a – Activity Reports and Data Breach Notification to Authorities – Nlyte Impact Assessment Reports list assets that have been flagged for GDPR tracking.
- Article 45 – Transfers on the Basis of an Adequacy Decision – Nlyte’s Asset Lifecycle Tracking between locations provides accountability and compliance visibility and reporting.
With fines up to 4% of a company’s global revenue at stake for non-compliance, GDPR must be taken seriously by global companies with EU presence.
Don’t wait to the last minute. Contact your Nlyte representative for more details and to find out how our “market-first” leading solutions and expertise can help you meet the GDPR manadate on time and on budget – avoiding that steep fine.