U.S. & APAC Companies Pay Attention: The GDPR Deadline Looms for the EU

With Facebook under scrutiny for sharing users’ data with third-party data brokers, more internet users are questioning the privacy of and access to their personal information. European Union businesses and citizens have been concerned since at least early 2012, when the proposal for the General Data Protection Regulation (GDPR) was released. The official regulation was adopted by all member states and the European Parliament in 2016. Beginning May 25, 2018, any organization that has a presence in an EU country or houses the personal data of EU citizens will have to comply with the GDPR standards.
GDPR also pertains to any business that:

  • Has operations in the EU
  • Is doing business with an EU company or a US company that has operations in the EU
  • Has any level of data involvement with EU companies

The penalties for GDPR non-compliance are severe. Should North American or APAC businesses be concerned?

What Led to the GDPR Proposal?

Until the 2012 proposal, countries in the EU had their own regulations due to each individual nation’s interpretation of the Data Protection Directive from 1995. The patchwork of inconsistent rules caused organizations to rely on additional resources to comply with different national procedures and laws, especially as more data was collected in the decades since.

Although each nation had its own data protection laws, the enforcement of those laws was negligent. EU businesses were given security guidelines to follow and were self-regulating, but PwC’s 2018 Global Economic Crime and Fraud Survey states that only 54% of global organizations have conducted a fraud assessment in the past two years. One in ten had not performed any type of risk assessment in the same time frame.

With the implementation of GDPR, the EU market will save an estimated 2.3 billion euros or $2.85 billion every year. However, its businesses are also held liable for data security and fraud protection.

What Does GDPR Require?

GDPR sets minimum standards for data protection for any business that:

  • Has a presence in any EU country or
  • Processes personal data of EU citizens

GDPR compliance applies to any business that:

  • Has 250 or more employees or
  • Processes sensitive or large amounts of personal data

Personal data is defined as any personally identifiable information (PII), such as name, identification number, location data, email address, photographs, social identity, economic status, physical abilities or anything else that refers to that individual.

Users have specific rights under the GDPR including:

  • The right of transparency including clear data consent forms, which data is being collected, access to that data and how it is being used
  • The right to rectify inaccurate data
  • The right to be “forgotten” including withdrawing consent and deleting all personal data from a business
  • The right to object to how the data is being used
  • Data portability to transfer data between companies upon request

Companies must report data breaches within 72 hours and specify the number of exposed records, the types of data breached, what has been done to address the breach and mitigate any adverse effects, and the consequences of the breach.

Companies must also perform assessments to identify and address the risk of fraud or breaches. If the organization has 250 or more employees, processes highly sensitive or large amounts of EU citizen data, regularly collects or monitors data subjects, or is a public authority, it will need to hire a data protection officer to oversee compliance.

Depending on the type of non-compliance, penalties could range from 2% or 10 million euros up to either 4% of the business’s annual global turnover (based on the previous fiscal year) or 20 million euros.

How Will Companies Comply with GDPR?

The penalties and stringent requirements of GDPR have organizational leaders worried about compliance by the May deadline. Although the regulation was adopted by the EU, global organizations could be at risk for punitive fines. Over 70% of U.S. businesses have begun preparing for GDPR and have spent $1–10 million to prepare. Some businesses have opted to reduce their EU presence temporarily until they meet GDPR standards.

Companies can prepare for GDPR compliance by:

  • Documenting what data is collected, who has access, and where it is stored
  • Creating rules and processes for data access and use
  • Building security controls for protecting data
  • Establishing a protocol for responding to data breaches
  • Assessing the risks of data fraud and GDPR non-compliance

How Can NEC Help?

GDPR compliance challenges are prompting business leaders to lean heavily on their technology partners for solutions. A provision within the data protection regulation is “privacy by design,” which requires technology solutions to natively build in data security from the outset. The good news is that NEC has a robust data platform that is built to secure data and help make data manageability easier: NEC HYDRAstor.

HYDRAstor offers a scalable and customizable platform for small-to-medium and enterprise businesses, including the ability to upgrade with no disruptions and expand to almost unlimited data growth.

NEC’s erasure-coded resiliency eliminates a single point of failure, keeping data protected and secure on HYDRAstor’s grid architecture. Erasure coding distributes data across the storage grid, so disk or node failures don’t disrupt the availability of data. Data resiliency automatically rebuilds only bad sectors, enabling a faster disk rebuild than traditional RAID.

HYDRAstor’s encryption technology protects data from unauthorized access to lost or stolen disks by encrypting data prior to being written to disk. Data that may need to be classified can exist in the same system as unclassified data due to HYDRAstor’s Write-Once-Read-Many (WORM) capability for regulatory compliance.

NEC’s HYDRAstor backup partners such as Veritas, Veeam, Commvault, and more, are also preparing for GDPR compliance, offering simplified management interfaces for data protection managers.

Concerns about data availability, security, and the deletion of users’ personal data can be handled seamlessly with NEC’s HYDRAstor. To learn more about NEC HYDRAstor, visit www.necam.com/HYDRAstor.

In a dynamic and global economy, our experts anticipate that GDPR compliance will be universally adopted in the near future.

If your company has a presence in any EU country, please contact us today for a complimentary consultation on your data storage and security requirements.




Marketplace Buzz at SpiceWorld 2017


“So How Can We Really Secure Our Network?”

Network security seemed to be at the top of everyone’s minds this year at the SpiceWorld 2017 Expo–how to protect your critical operations and secure your data. While we were demonstrating fault tolerant (FT) high availability servers in the NEC booth at the Expo, we met with IT pros from around the globe and had the opportunity to show more than 100 demos, and hear first-hand what’s at the top of many IT worry lists.

Repeatedly, concerns were voiced that if large Multi-National Enterprises (MNEs) with seemingly endless resources and (we’re told) “top tier network security” can be hacked, then where does that leave smaller and mid-tier organizations?

The big question was “How do we protect our data, and make sure our business is disaster-proof?” What practices can we put into place for an actual worry-free, easy to manage IT environment?

Some specific topics that emerged were:

  1. Doing More With Less: Many were interested in exploring how we can better secure our networks and simplify our server storage administration while still meeting infrastructure needs at minimal cost. Organizations want to see a single solution to address backups, archive data, meet requirements for encryption and deliver a mechanism to move data offsite. These worries inevitably led to talks about HYDRAstor®, an award-winning high-speed tier 2 data repository that will simplify administration and save both time and money while addressing these needs.
  2. Disaster Recovery (DR): There was willingness to take a hard look at what we can do to deploy a reliable and cost-effective recovery strategy, which is when the FT servers and the NEC IT ecosystem were of major interest. These kinds of conversations about DR usually led to a predominant theme that week: ways to protect our data from external attacks, like from cryptolocker, etc., and how we can efficiently replicate data off-site for DR and for business continuity purposes.
  3. Securing End Points and Mobility: Part of securing your network means not allowing your system to become vulnerable to letting viruses in. This defensive mode also touches on deploying technologies that secure all your end points, like smart phones and desktops/laptops, and protecting your remote and mobile work force.
  4. High Costs of Critical Ops Downtime: Several manufacturing businesses recognized the value add of the fault tolerant (FT) server as it relates to the high costs of downtime, especially for avoidance of any assembly line disruption, application inconsistency or data log collection for legal purposes. We discussed the very real damages that can occur as a result of a manufacturer’s inability to demonstrate product quality consistency through the production process. In manufacturing, it’s important to prove that data logs are collected, without interruption, so there is 100% data consistency and no chance of missing information. Yes, time is money, but so are production errors, especially when mistakes are really not acceptable–and evidence is needed to demonstrate as much.

It became very apparent that data security and ways to safeguard business continuity are hot-button issues right now. If some of these worries are keeping you up at night, as they were for so many at SpiceWorld this year, please check out the smart NEC data storage and operational resiliency solutions. This is real, proven data security, folks–solutions that can deliver some serious peace of mind.

To keep up with us on the latest at NEC, please join us on our NEC Spiceworks page.

For more information and to discuss your IT needs, feel free to reach out to NEC. Just let us know and we would be happy to provide you with an overview from one of our subject matter experts.

NEC Corporation of America
