Unified Global Archiving’s GDPR Compliance Solution
Unified Global Archiving is proud to introduce our new GDPR Compliance Solution. At Unified Global Archiving, we understand the complexity and implications of the EU’s new General Data Protection Regulation, and we can provide you with the expertise, solutions, and guidance to ensure that your organization is in a complete state of readiness.
What is the European Union’s new General Data Protection Regulation*?
These stringent mandates will impact multinational organizations all over the world in regard to how they will manage both structured and unstructured data that resides in their enterprise. To begin addressing these mandates, organizations must perform a preliminary identification and classification of the data that is currently within their environment. Once this exercise is complete, organizations will need to institute a continuous monitoring and governance program.
The implications of a failure to comply are significant – a fine of up to €20 Million or 4% of annual turnover. The reputational damage is unquantifiable. Fortunately, Unified Global Archiving’s new GDPR Compliance Solution is available immediately to assist with all of our clients’ GDPR needs [including the essential continuous monitoring component].
What will your organization be required to do?
GDPR classifies organizations as Data Processors or Data Controllers, and your organization will be responsible for understanding the mandates specific to whichever classification applies to it.
A Data Controller is the natural or legal person, public authority, agency, or any other body which determines the purposes and means of processing personal data.
A Data Processor is the natural or legal person, public authority, agency, or any other body which processes data on behalf of a data controller. An example of a processor would be a payroll services company.
Depending on the way in which data is leveraged within your organization, you may be both a Data Controller and a Data Processor. Regardless of how you identify your organization, it is most important to take control of your data by implementing a holistic governance program [such as our Unified Global Archiving GDPR Compliance Solution] that is all-encompassing, measurable, and repeatable.
What is your organization's risk?
Being GDPR compliant does not mean taking part in a one-time exercise to clean up data. GDPR compliance will require continuous monitoring and oversight to ensure ongoing adherence to the mandates.
One of the primary challenges will be fulfilling data access requests. Article 15, Right of Access, empowers citizens to request copies of their personal data as well as information on how their personal data is being processed. Further, citizens are also empowered to request that their data be completely deleted or moved. Organizations have only weeks to respond to and satisfy these requests.
Before an organization can even think about how to fulfill one of these requests, evaluating their overall information governance posture is a good starting point, albeit a daunting task without our Unified Global Archiving GDPR Compliance Solution.
One particular area of concern is file shares. File shares, SharePoint repositories, and other enterprise file sync and share applications tend to have little to no governance. Organizations should scrutinize these repositories and the relevancy of the data that is stored, and evaluate access controls to assess whether entitlements to data are valid. Often these repositories become a storage bin for redundant, obsolete, and trivial (ROT) data. In fact, it is estimated that 75% of enterprise file shares contain data that has little to no business value.
Data access requests, however, are not limited to an organization’s active data; archive and backup repositories are also in play. It is necessary to evaluate retention policies, ensuring that they are all-encompassing and are properly implemented and enforced.
How our GDPR Compliance Solution can help you.
At Unified Global Archiving, our compliance team is ready to put your organization in a state of GDPR readiness, with the ability to confidently satisfy the mandates on a continuous basis.
With our GDPR Compliance Solution’s Data Light technology, we provide complete GDPR readiness by design with powerful identification, classification, and control capabilities that stratify hundreds of data and file types across the entire information landscape:
- A powerful GDPR and PII management console with an intuitive workflow
- Rapid and seamless response to data subject access requests
- Control across all data types within a single platform (email, files, IM, social media, SMS, etc.)
- Unparalleled scalability into the multi-petabyte range
- Dark data penetration through powerful OCR and A/V transcription engines
How our GDPR Compliance Solution helps Microsoft Office 365.
If your organization is utilizing Microsoft Office 365, that platform has shortcomings that can compromise GDPR compliance. Fortunately, PCAS O-Bridge, our new Microsoft Office 365 bridge application, is the complementary solution to address GDPR compliance gaps. It is a transformative technology with bi-directional integration between the PCAS archive and Microsoft Office 365. This integration now provides PCAS 1.0 customers with an unprecedented layer of security and corporate communication oversight.
PCAS O-Bridge for Microsoft Office 365 is the only archiving solution that provides a single platform to compliantly delete offending items from both the archive repository and Microsoft Office 365, unlike competitive solutions which only enable you to take action upon the archive repository.
Contact Unified Global Archiving to create your GDPR Compliance Solution.
Give Unified Global Archiving a call today to discuss our GDPR Compliance Solution, schedule a demo of our solution and learn how we can help your organization become GDPR ready by May 2018.
* The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU.
The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) of 1995. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable.
The regulation applies if the data controller (an organization that collects data from EU residents), the processor (an organization that processes data on behalf of a data controller, e.g. cloud service providers), or the data subject (person) is based in the EU. Furthermore, the regulation also applies to organizations based outside the European Union if they collect or process personal data of EU residents. According to the European Commission "personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address."
The EU’s new General Data Protection Regulation [GDPR] legislation was approved and adopted in April 2016. It is designed to simply protect the privacy rights of all EU citizens. However, the significant global implications it carries are far from simple. Almost every type of business, location, and vertical will be affected. GDPR doesn’t just apply to companies in the European Union; organizations outside of the EU, which are targeting consumers in the EU, or have customers in the EU, are subject to the regulation.
This new legislation, a marked evolution in the regulatory pursuit of privacy protection, is a complex and layered framework that demands a compliance ecosystem with evolved capabilities around security, privacy, and governance. Fundamentally, all organizations that store and process EU citizens’ data must obtain consent to do so and most importantly, have the capability to respond to subject access requests.