Businesses need to urgently prepare for the arrival of EU GDPR compliance regulations, or risk being among the first to be penalised when the regulations take effect in 12 months' time, according to Commvault, a global leader in enterprise backup, recovery, archive and the cloud. Corporate complacency is one of the biggest barriers to GDPR compliance with many organisations yet to implement either suitable processes or technology. With instances of intrusions such as ransomware and leakware on the rise, failure to implement a secure data management platform can result in organisations facing damaging financial penalties. 

Pegged as the toughest piece of privacy regulation in the world, and the most significant privacy regulation update since 1995 when the original Data Protection Directive was launched, GDPR was passed in April 2016 and will take effect on May 25, 2018. It is designed to pass the balance of power back to individuals in how their data is processed and has far reaching implications for any global organisation that manages personal information of EU citizens.

"GDPR has been on the radar of European countries for a while now, but we haven't seen many organizations actively taking steps to become compliant, so now it is crunch time," said N. Robert Hammer, chairman, president and CEO, Commvault. "You don't want to be the company in the first week of June 2018 that is used as the poster child for the harsh reality of the penalties laid out by the regulations. "There is still plenty of time for organizations to ensure compliance in time for the May 2018 deadline, but they need to move quickly and strategically, and this is where Commvault can help."

Commvault can help companies meet specific articles and principles of GDPR, including the right to be forgotten, data protection by design and by default, ensuring ongoing confidentiality, integrity, availability and resilience, 72-hour data breach notification, data minimization principle, data transfers and portability, and more. To tackle these specifications from GDPR, the Commvault Data Platform indexes content from the data that it touches, uniquely providing a single point for organisations to locate Personally Identifiable Information in unstructured data, whether in backups, archives, core enterprise, private and public cloud environments, and also in Endpoint Protection.

The Commvault Data Platform has been built with security in mind and provides organizations with the ability to identify, mitigate and recover from cyber attacks. Commvault utilizes sophisticated intrusion detection software to enable organizations to recognize threats such as ransomware, or the lesser-known leakware, which exposes personal customer data to the public unless a ransom is paid. By being aware of ongoing threats, companies are better able to protect Personally Identifiable Information and maintain GDPR compliance - even when vital systems are under attack.

"Good data management practices are key to GDPR compliance success. Understanding where you have personal data - in which applications, on-premises or in the cloud, which processes use this data, and who owns it - is an important first step," said Carla Arend, Program Director, IDC. "If you have not started to prepare, get started now; getting GDPR compliance right takes time. Most European organizations have started preparations, but those outside the EU need to understand how this regulation applies to them as well. A good starting point is addressing unstructured data and devising data governance and management processes that cover data from edge devices to the data center to the cloud."

The legislation includes the new 'data protection officer' concept, which is a role to monitor compliance, and it can be filled by someone from the company staff or by an outsourced vendor. Likewise, companies must adapt their own systems or go for an outsourced approach.

"Many SMEs will opt for the outsourcing," said Ricardo de la Cruz, Infrastructure Director - ACENS, "so they will have to depend on a reliable entity to meet their obligations and ensure confidentiality and availability for their data. In this scenario trusted suppliers like Acens and Commvault are key."

Many organizations across the world are already using the Commvault Data Platform to ensure that their data management processes are robust enough to build fully GDPR compliant processes on top.

"We discovered the full potential of Commvault Platform during a transformation workshop organised by the company, as part of which Commvault assessed our organization's maturity in the areas of data management and information," added Przemysław Wesołowski, IT Infrastructure Director, PGNiG SA. "The workshops resulted in recommendations that delivered greater competitive advantage to our business by making different data sets more immediately and easily visible to our executives, as well as providing greater speed and accuracy in terms of compliance - a critical factor when our business has so much commercially sensitive data and the impending GDPR legislation requirements incoming into effect in 2018."