The year 2018 is bringing organisations worldwide new challenges to face. While ensuring data protection has always been an important task for all businesses, with the enforcement of the GDPR in May 2018, the issue is now in the spotlight. What should you know about the GDPR and how can you prepare for it? We have put together some information to help you out, together with some of the ways that Syneto infrastructure can help.
What is the GDPR?
The General Data Protection Regulation (EU Regulation 2016/679) – shortly, GDPR – is a regulation meant to unify and improve regulations concerning data protection for the citizens of the EU. The EU General Data Protection Regulation (GDPR) is meant to replace the Data Protection Directive 95/46/EC, which no longer suffices as legislation. According to the official EU GDPR website, it “was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”
While we know that this unified regulation has been a necessary and natural step, its implications are complex. As most businesses and organisations invariably manage sensitive user information, most companies will be affected by the GDPR. Moreover, this regulation not only affects EU businesses but all businesses handling European data.
How could not complying with the GDPR affect you?
- Loss of money: Businesses and organizations that breach the GDPR can be fined up to 4% of annual global turnover or €20 Million, whichever is greater. In order to avoid paying fines, an organisation will have to improve all of their business processes, technical or organisational.
- Loss of client trust: Businesses have to keep their customers’ data safe. In case of a data loss, client trust can be lost and they can choose to turn to the competition. Complete data protection is needed to avoid that.
- Potential loss of business: Starting May 2018, businesses that do not comply with the GDPR and who cannot protect customer data, will lose their credibility, potentially losing important business opportunities.
What are the biggest changes that the GDPR brings?
As the GDPR comes as a necessary improvement of a 1995 directive, it maintains the same key principles of data protection. However, since the use of data has come a long way in the last 20 years, this Regulation has a higher degree of complexity, covering areas that have not been of much interest back in 1995.
Here are the biggest changes you should be aware of:
- Penalties: businesses and organizations that breach the GDPR can be fined up to 4% of annual global turnover or €20 Million, whichever is greater.
- Extra-territorial applicability: the GDPR applies to all companies and organisations that process the personal data of EU individuals, regardless of the company’s location. As it focuses on protecting the personal data of European individuals, it applies to both EU organisations and non-EU organizations that handle this kind of data. This means that if a non-EU company does business in Europe, it will also have to comply to the GDPR.
- Consent: the GDPR also means to ensure that individuals are asked for consent in managing their data in a clear and intelligible manner; moreover, consent will have to be withdrawn as easily as it is given.
- Breach notifications: it will become mandatory for companies to notify both customers and controllers of a data breach within 72 hours after the breach has happened.
- Data protection officers (DPO): data controllers and data processors will have to appoint a DPO – this can be a member of the staff, a person hired for this person or an external contractor.
- The right to access: all companies processing individuals’ data will be obliged to provide them with copy of their data, as well as with information about where the data is stored and how it’s processed.
- The right to be forgotten: companies will have to delete user data on request; they will also have to stop the sharing of data with third parties if requested to do so.
- Data portability: individuals will have the right to transmit data from one controller (company) to another; the companies will have to be able to share data in a commonly used format.
- Privacy by design: companies will be responsible for ensuring data protection, by implementing appropriate technical and organizational means; this concept is not a new one and it implies that data protection cannot be treated as an additional task, but must be a default feature of the systems companies use.
How can a Syneto hyperconverged infrastructure help you comply?
A Syneto HYPERSeries hyperconverged infrastructure will bring you:
- Data security and recoverability
The filesystem inside SynetoOS (running on all Syneto products) is specifically designed to provide data security and recoverability. Personal data can be recovered in case of malicious software attacks, accidental deletion or physical loss of the platform.
- Data is safe from corruption
Your Syneto appliance can keep the data safe from corruption and recoverable from viruses, deletions or natural disasters. Syneto appliances provide you with automatic backups and replication policies which ensure appropriate and provable protection.
- Data Confidentiality
Syneto products are designed to ensure confidentiality by interfacing with Data Access Control software like Microsoft Active Directory. The appliances and SynetoOS are also designed to limit the downtime of processing systems (hosted VMs or file shares) and recover the systems in only 15 min.
- Limited downtime
Syneto systems include built-in Disaster Recovery capabilities and a dedicated DR unit which can “replay” the entire IT infrastructure in just 15 min.