Increasing legislation around the management of data, be that the GDPR in Europe, HIPAA in the US or the POPI Act in South Africa, is posing an ever greater challenge for organisations. Both primary and backup data are subject to an ever-increasing list of legal and regulatory requirements. These regulations determine how data can be stored, who can gain access to it and how its integrity is maintained throughout its lifecycle.
In Europe, for example, under the recently implemented GDPR regulation, those found to be in breach of data protection law could face monetary fines of up to 4% of global revenue or £20 million, whichever is higher. In addition, those that fail to comply could be named and shamed in the form of publicly published undertakings or could even face criminal prosecutions.
The challenge of data growth & compliance
The volume of data created in the last two years is larger than the total volume created in the previous two thousand years, and over the next twelve months we will create double again. Many organisations are now responsible for data beyond their traditional network residing safely behind a firewall. They have mobile networks, cloud infrastructure and data residing on third-party storage systems. All this data is subject to increasing legislation around the management of data, be that through the Data Protection Act, soon to be GDPR, the Patriot Act in the US or the POPI Act in South Africa, placing challenges on organisations. In addition to government-enforced legislation, organisations must also comply with industry-specific regulators and their demands, be that the Financial Conduct Authority or The Solicitors Regulatory Authority, for example.
The penalties for non-compliance
For those found to be breaching the Data Protection Act, the ICO has a range of powers, from naming and shaming in the form of publicly published undertakings, to issuing monetary fines of up to £500,000 per incident, or even pursuing criminal prosecutions. With the arrival of GDPR, data protection, sovereignty and security are more important than ever, with harsher penalties, up to 4% of your company’s global revenue, more rigidly enforced, placing further demands on IT departments. Some organisations are now having to employ data officers just to keep up with changes in legislation. How confident are you, if asked, that you would be able to locate all the data you hold on a customer or an employee?
The GDPR Act is a piece of legislation that will fully take effect by 2018. GDPR will strengthen the Data Protection Act (DPA). One of the initial differences between GDPR and DPD is that GDPR is a regulation, not a directive; as a regulation, no additional enabling legislation will have to be passed by governments of member states. To comply with GDPR, organisations must ensure measures have been taken to minimise risk and the chance of a data breach. These processes and policies will also ensure organisations are accountable and can be governed; part of the guidelines on GDPR reads that organisations must “implement appropriate technical and organisational measures that ensure and demonstrate compliance”.
Understand what data you hold, and where it resides
With Redstor Pro, you gain centralised insight into your business's data. Redstor Pro provides a unified, visual view of unstructured business data giving organisations a means of undertaking effective search to address compliance challenges such as GDPR's right to be forgotten. Redstor Pro centrally and proactively gathers data for interrogation by means of Redstor Pro's scanning engine, avoiding the need to wait for data to be delivered for analysis and eliminating the reliance on manual collection and indexing of data.
Redstor can help you be compliant
Need more information or advice? Get in touch and we will be happy to help.