Time is also running out rapidly for GDPR compliance; the regulations come into force in May 2018, and so there’s no time to waste. If you haven’t started the process yet, then start saving up for the fines because these are not going to be cheap. For example, last year, Talk Talk’s fine of £400,000 for security failings was big, but under GDPR the company could be given a financial penalty that equates to 70 times higher than this figure – to the tune of a whopping £59m.
While these potential fines are significant and potentially damaging from both a financial and reputational perspective, there are still many uncertainties about exactly what you should do. What are suppliers doing to help the SME customers, other than trying to frighten them? After all, smaller companies aren’t going to have the revenue available that large corporations will have to protect them from going under.
Arguably, the best insurance policy to prevent any calamity is to invest in GDPR compliance now – whether you are a data centre or a customer of one. On either side of the customer-supplier fence, the impact of GDPR could be devastating if preparations are made for it now. So, suppliers – vendors – should be assisting their customers, both large and small, with GDPR.
SME customers aren’t the only ones that need to be concerned about getting ready for GDPR. The larger the organisation, the larger the problem. Just think how many customers some of the large financial organisations have and how far back they go. How long have you been with your bank, pension or insurance company – all that data has to be found, read and catalogued. Some companies are looking at hundreds of thousands of archived tapes.
GDPR is going to have a dramatic effect on data centres before and after the deadline, and so several key decisions have to be made regarding data discovery. Are they going to outsource it and then bring the result back in-house, or are they intent on running the discovery process in house? Once in house, will the storage and infrastructure be compliant now you have all the key data in one place?
All this will create one of the biggest challenges to IT especially when addressing legacy IT such as archived tape, and so determining what data is stored in these archives and what it might mean to an organisation is a real challenge. Know where personal information lies as this is fundamental, and understand that search times need to be deterministic to meet GDPR requirements.
Implementing an information management solution may save on data centre and management costs, according to Jim McGann, VP marketing & business development at Index Engines. Many organisations can free up 30% of their data, allowing them to manage their data more effectively.
Organisations can gain positive results by cleaning their data, but public companies can’t just delete data randomly as there are regulatory compliance issues. Organisations need to ask if the files have business value or any regulatory compliance requirements.
For example, if there is no legal reason for keeping the data, then it can be deleted. Some firms are also migrating their data to the cloud to remove their data from their data centre. As part of this process they are examining whether the data has any business value to make their data migration decisions.
GDPR adds yet another layer of regulation upon what already exists, so organisations, including data centres, need to know and consider what lies within their files.
Bridgeworks helps organisations do this, by gathering and moving data from anywhere in the world. This movement of data to allows organisations to understand what data they actually have. While solutions such as PORTrockIT can enable the secure acceleration of data between different points for indexing, storage and back-up, it isn’t a solution that can permit GDPR compliance in isolation. However, with storage provider Index Engines, Bridgeworks has built a stack to help organisations realise a logical starting point in preparation GDPR.