When Should Your Customers Think About GDPR Compliance?

The Time Is Now.

May 25th was a big day for IT professionals in the European Union (EU) and, more importantly, anyone involved in IT with companies processing goods or services to EU residents, even if those companies are operating from outside the EU. And it can be a big sales and consulting opportunity, not only for Dell Data Protection Solutions but also for a wide range of Dell Technologies solutions.

people walking on boardwalk across from city skyline

How so? That’s the date when the EU’s new General Data Protection Regulation (GDPR) provision took effect. Many Dell North American channel partners may have customers based in North America but with EU operations who need to comply those regulations. Penalties for violations can be harsh: up to €20 million or four percent of global revenues, whichever is the greater.

In short, the GDPR is a new regulation that establishes a single set of rules for every EU Member State to protect personal data. It builds upon and updates the current EU data protection framework. The list below summarizes six of the high-risk GDPR obligations that Dell Technologies solutions as a whole can help you to assist your customers with in their need to manage data-privacy risk and become “GDPR Ready” more effectively and efficiently:

  1. Data security and incident management requires an organization to have appropriate technical and organizational security controls and procedures in place to ensure the secure processing of an individual’s personal data as well as notify individuals and/or an EU supervisory authority in the event of a data breach.
  2. Record keeping requires an organization to maintain records of their processing activities, which extends to any vendor that they engage, as well as to document the data protection impact assessment that they have undertaken.
  3. Accountability principle essentially means an organization must demonstrate that they comply with the GDPR data protection principles.
  4. Data retention is key to ensuring fair processing. Personal data should not be retained for longer than necessary in relation to the purposes for which the data is collected or for which it will be further processed.
  5. Data minimization means that companies should only collect and use data in a manner that is consistent with a legitimate business purpose and consistent with the notice provided to the data subject.
  6. Data subject rights grant individuals the right to access, correct or erase their personal data upon request. An organization must respond to the individual’s request within one month.

Many organizations will be required to go through large-scale business process changes as they put policies in place to protect personal data. The efforts involved in supply chain management, vendor assessment, process and policy changes, and technology enhancements raise a broad scope of questions. Of the six GDPR compliance areas listed above, Dell Data Protection Solutions — including those built upon the Dell Data Protection Suite and Dell Data Domain — can help address numbers 4, 5 and 6.

Let’s briefly dive a bit deeper into the bits and bytes: For organizations that have been using tape for longer-term data retention, they may need solutions to remediate and bring the data management of these repositories under control and indexed. Dell Data Domain, plus software from our Select Partners, can help you take an optimized and high-performance approach to use cases involving Data Minimization and Tape Remediation. Likewise, Dell Data Protection Suite is optimized with Business Data Requirement-centric policy engines that allow efficient architecture and management of GDPR-Ready data retention processes going forward.

As far as Dell Technologies is concerned, it is crucial for organizations, especially in our digital era, to take command of security and privacy risk. The EU’s GDPR presents stringent obligations and associated penalties for non-compliance, which challenge all organizations subject to them.

Dell Technologies can support channel partners and customers in this effort as a trusted partner. We earn that trust with: (a) our global footprint combined with the great depth; and (b) a comprehensive scope of expertise and technologies for managing and mitigating risk around the lifecycle of data.

Here is a link to a Gartner research note detailing how to get your Enterprise Ready for the GDPR: https://www.dellemc.com/en-us/data-protection/gdpr/gartner-analysis.htm.

About the Author: Alex Almeida