GDRC Compliance Experience

GDPR: 5 lessons learned, Veeam compliance experience shared.

Veeam® is committed to sharing our GDPR compliance experience with you. This regulation is complex and fact-specific, meaning each organization’s GDPR compliance program may mean something different from the next company’s. GDPR is a major update to the Data Protection Directive from 1995, or more specifically 95/46/EC (that’s right, over 21 years between major releases!), and the data-intensive world we live in is significantly different from the world we lived in in 1995. Many people might think that the GDPR is just an IT issue, but that is the furthest from the truth. It affects everyone, not just IT.

We have prepared this white paper as a discussion of how Veeam interprets GDPR as of the date of publication. As a privately held information technology company that develops backup, disaster recovery and data management software for virtual, physical and cloud-based workloads to provide Availability for the Always-On Enterprise™, we have spent a lot of time with GDPR, not only complying with it as a global organization, but also in the development of our products.

This white paper should not be relied upon as legal advice or as a determination of how GDPR applies to your organization. We encourage you to do as we did: work with legally qualified professionals to discuss GDPR and how it applies to your organization, and collaborate to build a plan towards compliance. Veeam provides this white paper “as-is” and makes no warranties, express or implied, as to the information in this white paper.

Published in January 2018. Version 1.0

© 2018 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.

Introduction

In mid-2016, shortly after the enactment of the General Data Protection Regulation, or GDPR, Veeam’s executive management team immediately invested in a GDPR compliance initiative.
We recognized that GDPR is the new benchmark and global standard that other countries will look to as a standard for data privacy. GDPR is a brand new law and the first law addressing data privacy of individuals since the Data Protection Directive 95/46/EC. It’s a broad, sweeping law and we encourage you to read it, all 260 pages of it, found here: http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf.

The first tip we can provide you is to embrace the fact that this is an “evolution”, not a “revolution”, as many of the organizational practices you had in place before in compliance with the Data Protection Directive serve as the foundation for GDPR compliance. You will find numerous articles and blog posts talking about GDPR as organizations are scrambling to leverage this opportunity to grab your attention.

We here at Veeam think very thoroughly. We have been building software solutions to help organizations like yours operate more efficiently and effectively. Our founders, Ratmir Timashev and Andrei Baronov, founded Aelita Software, a company that provided enterprise network management tools that improved security, usability and control over an organization’s network environments. You can still find these tools in Quest Software’s Windows Management products. Mr. Timashev and Mr. Baronov launched Veeam in 2006, and with our Veeam Availability Platform, we enable organizations like yours to ensure Availability for any application, any data, across any cloud. We know data management and data protection, two (2) of the key principles behind GDPR, and we want to walk you through what GDPR means for us and how our products can help you address the key principles of GDPR.

The Veeam game plan is to approach GDPR compliance by addressing the following five (5) principles:

1. Know your data: Identify the Personally Identifiable Information (“PII”) your organization collects, has and who has access
2. Manage the data: Establish the rules and processes to access and use PII
3. Protect the data: Implement and ensure security controls are in place to protect the information and respond to data breaches
4. Documenting and Complying: Document your processes, execute on data requests and report any issues or data breaches within the guidelines
5. Continuous Improvement: Keep up with the fast-changing digital world and constantly review and improve your processes and procedures for data privacy and protection