U.S. & APAC Companies Pay Attention: The GDPR Deadline Looms for the EU

With Facebook under scrutiny for sharing users’ data with third-party data brokers, more internet users are questioning the privacy of and access to their personal information. European Union businesses and citizens have been concerned since at least early 2012 when the proposal for General Protection Data Regulation (GDPR) was released. The official GDPR regulation was adopted by all member states and the European Parliament in 2016. Beginning May 25, 2018, any organization that has a presence in an EU country or houses the personal data of EU citizens will have to comply with the GDPR standards.
GDPR also pertains to any businesses that:

  • Has operations in the EU
  • Is doing business with an EU company or a US company that has operations in the EU
  • Has any level of data involvement with EU companies

The penalties for GDPR non-compliance are severe. Should North American or APAC businesses be concerned?

What Lead to the GDPR Proposal?

Until the 2012 proposal, countries in the EU had their own regulations due to each individual nation’s interpretation of the Data Protection Directive from 1995. The patchwork of inconsistent rules caused organizations to rely on additional resources to comply with different national procedures and laws, especially as more data was collected in the decades since.

Although each nation had its own data protection laws, the enforcement of those laws was negligent. EU businesses were given security guidelines to follow and were self-regulating, but PwC’s 2018 Global Economic Crime and Fraud Survey states that only 54% of global organizations have conducted a fraud assessment in the past two years. One in ten had not performed any type of risk assessment in the same time frame.

With the implementation of GDPR, the EU market will save an estimated 2.3 billion euros or $2.85 billion every year. However, they are also held liable for data security and fraud protection.

What Does GDPR Require?

GDPR sets minimum standards for data protection for any business that:

  • Has a presence in any EU country or
  • Processes personal data of EU citizens

GDPR compliance applies to any business that:

  • Has 250 or more employees or
  • Processes sensitive or large amounts of personal data

Personal data is defined as any PII or personally identifiable information such as name, identification number, location data, email address, photographs, social identity, economic status, physical abilities or anything that refers to that individual.

Users have specific rights under the GDPR including:

  • The right of transparency including clear data consent forms, which data is being collected, access to that data and how it is being used
  • The right to rectify inaccurate data
  • The right to be “forgotten” including withdrawing consent and deleting all personal data from a business
  • The right to object how the data is being used
  • Data portability to transfer data between companies upon request

Companies must report data breaches within 72 hours and specify the number of exposed records, the types of data breached, what has been done to address the breach and mitigate any adverse effects, and the consequences of the breach.

Companies must also perform assessments to identify and address the risk of fraud or breaches. If the organization meets any of the requirements of 250 or more employees, processes highly sensitive or large amounts of EU citizen data, regularly collects or monitors data subjects or are a public authority, they will need to hire a data protection officer to oversee compliance.

Depending on the type of non-compliance, penalties could be from 2% or 10 million euros  up to either 4% of the business’ annual global turnover(based on the previous fiscal year) or 20 million euros.

How Will Companies Comply with GDPR?

5 Critical Features of a Long-Term Data Storage InfrastructureThe penalties and stringent requirements of GDPR have organizational leaders worried about compliance by the May deadline. Although the regulation was adopted by the EU, global organizations could be at risk for punitive fines. Over 70% of U.S. businesses have begun preparing for GDPR and have spent $ 1 – 10 million to prepare. Some businesses have opted to reduce their EU presence temporarily until they meet GDPR standards.

Companies can prepare for GDPR compliance by:

  • Documenting what data is collected, who has access, and where it is stored
  • Creating rules and processes for data access and use
  • Building security controls for protecting data
  • Establishing protocol for responding to data breaches
  • Assessing the risks of data fraud and GDPR non-compliance

How Can NEC Help?

GDPR compliance challenges are prompting business leaders to lean heavily on their technology partners for solutions. A provision within the data protection regulation is “privacy by design” which requires technology solutions to natively build in data security from the onset. The good news is that NEC has a robust data platform that is built to secure data and help make data manageability easier: NEC HYDRAstor.

HYDRAstor offers a scalable and customizable platform for small-to-medium and enterprise businesses, including the ability to upgrade with no disruptions and expand to almost unlimited data growth.

NEC’s erasure-coded resiliency eliminates a single point of failure, keeping data protected and secure on HYDRAstor’s grid architecture. Erasure coding distributes data across the storage grid, so disk or node failures don’t disrupt the availability of data. Data resiliency automatically rebuilds only bad sectors, enabling a faster disk rebuild than traditional RAID.

HYDRAstor’s encryption technology protects data from unauthorized access to lost or stolen disks by encrypting data prior to being written to disk. Data that may need to be classified can exist in the same system as unclassified data due to HYDRAstor’s Write-Once-Read-Many (WORM) capability for regulatory compliance.

NEC’s HYDRAstor backup partners such as Veritas, Veeam, Commvault, and more, are also preparing for GDPR compliance, offering simplified management interfaces for data protection managers.

Concerns about data availability, security, and the deletion of user’s personal data can be handled seamlessly with NEC’s HYDRAstor. To learn more about NEC HYDRAstor, visit www.necam.com/HYDRAstor.

In a dynamic and global economy, our experts anticipate that GDPR compliance will be universally adopted in the near future.

If your company has presence in any EU country, please contact us today for a complimentary consultation on your data storage and security requirements.

Smart Enterprise

Free Ebook
5 Critical Features of a Long-Term Data Storage Infrastructure

Managing your large flow of data presents 5 increasingly complex challenges: Scalability, Capacity, Performance… To learn more about these challenges and how to solve them, fill out the form and download the ebook.



Calling All SpiceHeads!

NEC Engages the SpiceWorks Community in 2016

With social media now a major part of our everyday lives, it is no surprise that groups with similar interests and experiences form almost instantaneously across the internet. Everyone knows the most popular social media applications like Facebook, LinkedIn, Twitter as well as a number of other applications and sites that cater to specific audiences.

For IT professionals, one of the major social media networking sites of choice is Spiceworks. The site connects IT pros with an online community of their peers from around the world. It also provides them with useful tools, for free, to help them do their jobs. Applications such as network inventory, network monitor, and help desk as well as rich APIs that developers and the world’s largest tech brands use to build applications and help IT pros solve their unique challenges.

It also provides a forum for IT pros to share experiences and expertise with millions of their peers, and they can reach thousands of vendors to troubleshoot, get product advice, keep up with tech trends, and even advance their careers. And most uniquely, it is a place where they can connect 1:1 and build real relationships with tech marketers.

NEC Corporation of America has its own Spiceworks vendor page with over 2,000 followers and regularly participates in the annual SpiceWorld IT Conference, with this year’s North American Conference held November 1-3 in Austin, Texas. There is also a European conference scheduled for May of next year to be held in the United Kingdom.

NEC sponsored a booth at the North American conference, where “SpiceHeads,” as they call themselves, from around the region were in attendance, many of whom learned that NEC is more than just projectors and LCDs. The interactive booth exposed them to the wide range of IT products and services XS that NEC has to offer. Subject matter experts (SMEs) were on hand to provide more in depth information about the solutions on display.

SpiceHeads have established SpiceCorps groups throughout the country that hold monthly meetings, often held at vendor locations. NEC sponsored a meeting of the Dallas/Ft. Worth SpiceCorps Group, with 24 members in attendance. The event provided an opportunity for the DFW SpiceCorps group to tour our Executive Briefing Center, where they learned that NEC is much more than display screens, we provide products and services that empower the Smart Enterprise.

Prior to the meeting, NEC sent out a survey to the members and asked them what topics they would like covered. This was an effective way of ensuring that the presentations focused on the topics they wanted to hear about, as well as provide an opportunity to discuss how NEC solutions can help tackle their most challenging IT issues. Members noted that NEC was the first vendor to use this approach and they were appreciative and impressed.

NEC executives Larry Levenberg, Vice President – Sales & Channel Marketing, and Ram Menghani, Vice President – UC Products & Support, were on hand as well as SMEs from every NEC business unit. Topics during the highly interactive and informative presentations during the meeting ranged from Software Defined Networking (SDN), business continuity, data storage solutions, and a preview of NEC’s cloud-based solutions. NEC’s Sam Safa presented Simplifying the Network with Software Defined Networking, which was especially popular, with members engaging with him during and after the meeting ended. Some fun was mixed in, with prize giveaways of NEC branded items and other promotional gifts, as well as the big prize of a drone. Congratulations to Aaron Siegal of TXI Corporation, winner of the drone!

NEC plans to host more SpiceCorps meetings around the country several times a year. Be sure to subscribe to the NEC Today blog or follow us on Spiceworks for insightful posts on IT and Communications industry topics, updates on NEC products and services, and dates, times and locations of upcoming NEC sponsored SpiceCorps meetings.

 

Free Ebook: Succhess with SIP 2.0

Questions?

Let us know!

Have questions about an NEC Solution? Fill out the form, and one of our solutions experts will be happy to chat with you!

 
 
 
 
 



Behavior Analytics for IT System Performance Management

IT system performance management has become more difficult due to  increasing complexity, scale  and dynamicity driven by changing business and technology advancements including virtualization, cloud computing and XaaS delivery models.  Business and IT leaders are challenged more than ever to maintain the IT system performance required to sustain business critical services and operations while minimizing costs.

Based on review of available IT system performance management tools and technologies, NEC has determined a need for more fundamental innovation to achieve sustainable performance management solutions.  NEC R&D developed patented behavior analytics technology called Invariant Analyzer to help overcome the limitations of conventional IT performance management technologies.

Invariant Analyzer for System Performance ManagementInvariant Analyzer enables automated learning and discovery of normal system performance behavior to eliminate the need for labor intensive and costly and slow manual maintenance required by conventional performance management tools and technologies.  In addition, Invariant Analyzer provides predictive anomaly detection based on analysis of many invariant behavior relationships across multiple IT domains (e.g. application, server, network, etc.) that is more robust and accurate to help prevent and minimize business impact.

NEC is currently working with IT system performance management software providers to bring the power of Invariant Analyzer to users as a behavior analytics engine that leverages and integrates with existing IT system performance management environments.