Understand how GDPR could affect your business

 

Connexion InternetI have been asked in a number of meetings over the past few months “what is GDPR?” and in some cases “What do I have to buy?”

But let’s get one thing straight from the start GDPR is NOT an IT problem you can’t just buy something and make it go away. This is a common misconception and I thought I would take the time to jot down what I have learned so far and see if it can help you.

The EU General Data Protection Regulation (GDPR) comes in to force on 25th May 2018. It applies to all organisations processing personal data of EU residents, the regulation will introduce a new and enforced way that organisations handle data protection. The penalties for non-compliance of GDPR can be up to 20 million euros or 4% of company’s annual turnover. In addition, data subjects get a right to claim for compensation against an organisation under GDPR.

It is important to understand your obligations and to start working towards your compliancy requirements. Being ready by 25th May 2018 will be a major undertaking, but the risks of not being prepared for GDPR are too big to ignore.

What are the new requirements?

Privacy by Design – GDPR has introduced formal principles of Privacy by Design into their Regulations which includes reducing your data collection to what you actually require and the retention of this data to gaining clear consent from the consumers to process their data.

Right to Erasure – The current EU data protection directive already provides a right for consumers to request data deletion. But GDPR extends this regulation to include data that’s been published out to the internet. This is where you hear a second term known as the “right to be forgotten” which extends to keeping your data fully out of the public view and ensuring it is removed from all systems.

Breach Notification – Within 72 hours of a personal data breach been discovered you have to inform the appropriate authorities. This has to also be extended out to the data subjects if the data is classified as “high risk to their rights and freedoms”.

Fines – Now this is where most company’s ears perk up, GDPR introduces fines that can be up to 4% of a company’s global revenue or 20Million Euro – whichever is higher

Data Protections Impact Assessments (DPIA) –  A DPIA is required in high-risk situations, for example where a new technology is being deployed or where a profiling operation is likely to significantly affect a subject.

Data Protection Officer (DPO) – Not all companies have a DPO, but if you don’t I would advise that you assign this duty so someone in your organisation to take proper responsibility for your data protection compliance. Below are the regulation details identifying if you need a DPO.

“DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data (Art. 37).  If your organization doesn’t fall into one of these categories, then you do not need to appoint a DPO.”

Consent – GDPR introduces new strict regulations around collecting data, you have to make sure that you are clear and concise when requesting consent from the subject. You have to define what the data is been collected for and make sure that all it is used for. As a controller of data you are responsible for making sure you have an audit trail of consent for all data collected from a subject. You may as a business need to review how you’re collecting and recording consent and if you need to make any changes to your procedures.

Children data protection – GDPR will bring in special protection for children’s personal data, focused particularly on commercial internet services such as social networking. To put this into context if you collect data about children, then you will need consent from the parent or guardians to process any personal details lawfully. It may have significant implications for your organisation if your business is aimed at children and collects their personal data. All consent has to be again clear and defined when collecting children’s data and your privacy notice must be written in language that children will understand.

Does Brexit mean I have to comply?

There are few of misconceptions around Brexit when it comes to GDPR. The main one been that “Brexit means we don’t have to comply”. This is FALSE! Businesses will still have to adhere to this regulation, this an EU regulation that protects EU citizen’s data. Which mean if you hold any details about an EU Citizen you have to make sure you are compliant and have taken the necessary steps regardless of the jurisdiction.

As I said above GDPR comes into force next year 25/5/2018 and we will still be in the EU so don’t burrow your head in the sand.

Now there are a number of other requirements that you may need to meet to comply with EU GDPR, but I am not a legal expert. So please take the time to investigate where you stand in relation to GDPR understand your risks and what data you hold. Attend an event and discuss it further with legal experts to help you start and build your foundations for GDPR.

Top 4 Questions About the Value of the NetApp Data Fabric

The trouble most people have with understanding Data Fabric is that it’s not a product that you can just go out and buy. It’s NetApp’s answer to the future of IT. It’s a way of using a wide portfolio of products to enable continuous data availability across multiple on-premises and cloud platforms.

But the real value of data fabric is it provides a platform for transforming your business

While it’s not as simple or easily measurable as just expanding your bottom line, the real value of a Data Fabric is its power to transform your business.

I typically hear four questions about the value of a Data Fabric:

  1. How can it change how I utilise my infrastructure?
  2. How can it help me use my resources better?
  3. How can it help me use my data more efficiently?
  4. How can it help my business make money?

How can Data Fabric change how I utilise my infrastructure?

Whether you’re an existing NetApp customer with a data centre full of NetApp kit or not, the NetApp Data Fabric can help you get more out of your IT infrastructure.

Let’s say your business has a new requirement to provide backup, test and development in the cloud, but you don’t want to have a large admin team to manage all the different tools or equipment required to deliver this solution. So you need to make sure the solution is easy to manage, with full choice and control over your data.

You can build a data fabric to address these challenges and I don’t mean by some “one-size-fits-all” compromise either. I can think of three data fabric components that we can use to meet our needs: FlexArray, ONTAP Cloud, and AltaVault.

FlexArray would provide you with the capabilities to sweat the assets you already have, so you wouldn’t need to replace all your existing storage. In fact, if you wanted to keep it, you could use FlexArray to repurpose it to run ONTAP. This gives your existing storage and all the efficiency benefits of ONTAP

ONTAP Cloud now think about having on premises efficiency and control but in the cloud. With ONTAP Cloud you are able to replicate data from your onsite ONTAP array out into AWS or Azure. In an instance it can provide a test and Dev environment without having to pay for hardware and enables you to operationally scale.

AltaVault provides you with end-to-end efficiency and security when moving data to the cloud. It supports all leading backup and archive software, giving you flexibility and choice to fit it into your existing infrastructure without compromise. It can be deployed as a physical, virtual, or cloud-based solution. In less than 30 minutes, you can be backing up your data from any of your on-premises environments to the cloud of your choice.

How can Data Fabric help me use my resources better?

The Data Fabric gives you choice without sacrificing control of your data. This is key to a successful IT strategy. Forget about trying to predict what you’re going to do in 3-5 years. Think about how your decisions can change your business today. With NetApp Data Fabric and the technologies that enable it, you can buy for what you need today and scale for what you need tomorrow. Your infrastructure is agile and adaptable to your dynamic business requirements.

How can Data Fabric help me use my data more efficiently?

ONTAP 9

ONTAP 9 is the pinnacle of NetApp’s quarter century of innovation and is at the very heart of NetApp’s data fabric strategy.

NetApp continue to build capabilities into the platform to ensure that your key data assets are not only stored efficiently, but are highly available, protected and secured.

However, the true power of ONTAP is in its flexibility, the ability to not only run ONTAP on “traditional” physical controllers, but also as a software defined option with ONTAP Select or in the public cloud with ONTAP cloud, means not only can ONTAP allow us to seamlessly move data between storage tiers and controllers, but between virtual appliances and cloud providers to. All of this while maintaining all the same capabilities you expect on-premises meaning your data management, protection, security and analytics tools work in exactly the same way, regardless of ONTAP’s location.

Add to that NetApp’s desire to allow the ability to mirror data between any platform in its portfolio via SnapMirror to Anywhere technology, then you can see how your data fabric can take shape.

How can Data Fabric help my business make money?

A good portion of our IT budgets are probably spent just keeping the lights on. How much do you actually spend on development that moves the business forward?

A couple of months ago, a customer approached me to build an infrastructure that gives them the ability to run their business for peak workloads during heavy sales periods during the last three months of the year.

They wanted a virtualisation environment with a storage platform to run the required 200 servers during these peak times. The rest of the year, the environment runs at 50% of the peak workload (only having to run 100 servers). If this was a fixed, capex-based infrastructure, they would have unused equipment sitting around for most of the year. Over a three-year contract, that’s 27 months of wasted investment.

With a Data Fabric, we allowed them to achieve the same capabilities at a much lower cost. We started by deploying a virtualized flash platform on premises to account for standard workload and capacity requirements. While that flash platform may be able to cope with some of the burst that’s required as the business ramps up to its busy time, that’s not the only requirement. Compute and possibly additional storage may be needed for the extra 100 VMs.

A Data Fabric allowed us to use a hybrid cloud solution to address this challenge. By using ONTAP Cloud, we could seamlessly move data between the on-premises kit and either AWS or Azure.

Our fabric strategy also had the flexibility, if needed, to use a NetApp Private Storage (NPS) solution, allowing you to keep your data on your own NetApp systems for constant, guaranteed performance, whilst using your choice of public cloud providers for compute. This solution gives you the agility to scale up or down on demand and only pay for what you need when you need it, saving you that capital expenditure.

If you’ve been asking yourself, “What does Data Fabric mean for me and my business?” you’re not alone. Data Fabric is NetApp’s vision for the future of IT, and the benefits to your business both now and in the future are unmatched in the industry. I have spoken to a lot of customers over the past year and one thing I have learned is that the Data Fabric can help you solve your business challenges today and in the future so

What are you waiting for?