Increasing legislation around the management of data, be that the GDPR in Europe, HIPAA in the US or the POPI Act in South Africa, is posing an ever greater challenge for organizations. Both primary and backup data are subject to an ever-increasing list of legal and regulatory requirements. These regulations determine how data can be stored, who can gain access to it and how its integrity is maintained throughout its lifecycle.
The challenge of data growth & compliance
The volume of data created in the last two years is larger than the total volume created in the previous two thousand years, and over the next twelve months we will create double again. Many organizations are now responsible for data beyond the traditional network that sits safely behind a firewall. They have mobile networks, cloud infrastructure and data residing on third-party storage systems. All this data is subject to increasing legislation around the management of data, be that the Data Protection Act, soon to be GDPR; the Patriot Act in the US; or the POPI Act in South Africa, placing challenges on organizations. In addition to government-enforced legislation, organizations must also comply with industry-specific regulators and their demands, for example the Financial Conduct Authority or The Solicitors Regulatory Authority.
The penalties for non-compliance
For those found to be breaching the Data Protection Act, the ICO has a range of powers, from naming and shaming in the form of publicly published undertakings, to issuing monetary fines of up to £500,000 per incident, or even pursuing criminal prosecutions. With the arrival of GDPR, data protection, sovereignty and security are more important than ever, with harsher penalties, up to 4% of your company’s global revenue, more rigidly enforced, placing further demands on IT departments. Some organizations are now having to employ data officers just to keep up with changes in legislation. How confident are you, if asked, that you would be able to locate all the data you hold on a customer or an employee?
The GDPR Act is a piece of legislation that will fully take effect in Europe by 2018. In the UK, the GDPR will replace and strengthen the Data Protection Act (DPA). One of the initial differences between GDPR and DPD is that GDPR is a regulation, not a directive; as a regulation, no additional enabling legislation will have to be passed by governments of member states. To comply with GDPR, organizations must ensure measures have been taken to minimise risk and the chance of a data breach. These processes and policies will also ensure organizations are accountable and can be governed; part of the guidelines on GDPR states that organizations must “implement appropriate technical and organizational measures that ensure and demonstrate compliance”.
Understand what data you hold, and where it resides
With Redstor Pro, you gain centralized insight into your business's data. Redstor Pro provides a unified, visual view of unstructured business data giving organizations a means of undertaking effective search to address compliance challenges such as GDPR's right to be forgotten. Redstor Pro centrally and proactively gathers data for interrogation by means of Redstor Pro's scanning engine, avoiding the need to wait for data to be delivered for analysis and eliminating the reliance on manual collection and indexing of data.
Redstor can help you be compliant
Need more information or advice? Get in touch and we will be happy to help.