GDPR – The clock is ticking
Many articles have been written lately concerning GDPR which goes into effect in May of 2018. Instead of spending most of this article writing about the regulations and history of such, we want to focus directly on actions companies should be taking and how the Heureka platform can help. One of the first “actions” focuses directly on finding and identifying user information (data). Because GDPR focuses heavily on data privacy and data ownership, knowing where your data is and what it contains is a vital first step in gaining control of your information.
A good post regarding GDPR in legal environments was written by Ryan Costello from eTERA Consulting, republished by LJN. Two key takeaways from Ryan’s post include “Start by doing things” and “knowing where data is”.
So, how does Heureka directly help with Ryan’s points? Logically we begin with the “start by doing things”. Along those lines, each client starts by installing an endpoint service on laptops, desktops, or file shares. Once deployed a local text and metadata index is created whereby a vast amount of intelligence can be gained in a very short amount of time while never moving a single file. Users work with a web interface to query all endpoints allowing searches for both metadata as well as file content. Additionally Heureka’s indexing engine runs a daily, automated PII sweep that returns sensitive data categorization back to a dashboard. PII info such as credit cards and identification numbers are counted and classified automatically giving you a high-level overview as well as the ability to query down to the file level on any of the endpoints.
Ryan’s second point involves “knowing where data is” which is a core function built into Interrogate. Intelligent decisions involving GDPR or backup and security strategy are difficult without the knowledge of where your data is and its content. Heureka provides data mapping intelligence at a deeper level as you gain knowledge on file content in addition to standard metadata information. It is extremely difficult to conform to privacy regulations without a deep knowledge and understanding of your data. This is one of the key goals of the Heureka platform.
Smart and rapid data mapping and assessments can be performed easily. Heureka has created a unique GDPR workbook that allows users to interact with their data. Items such as file volume, duplication, growth over time and most importantly PII can be visualized with full interactivity using dates, endpoint names, file categories, etc.
Whether you are subject to GDPR regulations or not, many companies are viewing this framework as a good strategy to better protect privacy information. For those that are subject to GDPR, non-compliance can result in fines up to €20M or 4% of global annual turnover for the previous financial year (whichever is greater). A secondary sanction tier could impose a fine of up to €10M or 2% of global annual turnover (whichever is greater). Needless to say, incurring GDPR penalties could be very, very costly.
If you are a U.S. based multinational, GDPR must be on your radar. A quick read of this article explains more. Companies outside the U.S. are also concerned as this article gives an explanation on Singapore’s concern with GDPR. The bottom line is that the clock is ticking down quickly on compliance and having no strategy or action plan will become a problem. Additionally, not knowing where sensitive data is can no longer be an option and this is where Heureka can help.