By Floyd Christofferson,
SVP of Products at Strongbox Data
It is no illusion that every time you turn around it seems there is another report of a high-profile hack of sensitive personal data, impacting hundreds of millions of people all over the world. The recent Equifax hack released personal financial data of over 143 million consumers, but that was not an isolated incident. In 2016 and 2017 so far there have been at least 26 major hacks around the world that have released personal data of more than 700 million people. These include hacks of telecommunication companies, financial institutions, government agencies, universities, shopping sites, and much more.
The hacks are not a new problem. But in a global economy with often conflicting political and economic priorities at stake, there has been no comprehensive approach to ensuring people have the right to protect and delete if they want, all of their personal data.
The European Union’s new GDPR (General Data Protection Regulation) went into effect in May 2018. Although GDPR is designed to protect European citizens, the rules and penalties apply to any company from any country who does business in Europe. And the penalties are significant, with companies at risk of being fined up to 4% of their global annual gross revenues or €20 million (whichever is greater) for failing to comply with strict right-to-be-forgotten and privacy protections for customer data.
As a result, there is a growing panic among businesses as they try to figure out how to solve this problem in time, and how to do so with existing data management and storage resources that are not designed for this task. And the concern is not only in Europe. Companies in the US and around the world who have customers in Europe are also scrambling to ensure they are in full compliance by the deadline. But according to Gartner, by the end of 2018 over 50% of companies affected by the GDPR worldwide will not be in full compliance with its requirements.
In this paper we offer an overview of the key provisions of GDPR that impact storage and data management for both structured and unstructured data. In subsequent technical briefs, we will go into more detail about specific technical solutions to help ensure your data environment is in compliance, even with your existing storage and data infrastructure.