U.S. & APAC Companies Pay Attention: The GDPR Deadline Looms for the EU

With Facebook under scrutiny for sharing users’ data with third-party data brokers, more internet users are questioning the privacy of and access to their personal information. European Union businesses and citizens have been concerned since at least early 2012 when the proposal for General Protection Data Regulation (GDPR) was released. The official GDPR regulation was adopted by all member states and the European Parliament in 2016. Beginning May 25, 2018, any organization that has a presence in an EU country or houses the personal data of EU citizens will have to comply with the GDPR standards.
GDPR also pertains to any businesses that:

  • Has operations in the EU
  • Is doing business with an EU company or a US company that has operations in the EU
  • Has any level of data involvement with EU companies

The penalties for GDPR non-compliance are severe. Should North American or APAC businesses be concerned?

What Lead to the GDPR Proposal?

Until the 2012 proposal, countries in the EU had their own regulations due to each individual nation’s interpretation of the Data Protection Directive from 1995. The patchwork of inconsistent rules caused organizations to rely on additional resources to comply with different national procedures and laws, especially as more data was collected in the decades since.

Although each nation had its own data protection laws, the enforcement of those laws was negligent. EU businesses were given security guidelines to follow and were self-regulating, but PwC’s 2018 Global Economic Crime and Fraud Survey states that only 54% of global organizations have conducted a fraud assessment in the past two years. One in ten had not performed any type of risk assessment in the same time frame.

With the implementation of GDPR, the EU market will save an estimated 2.3 billion euros or $2.85 billion every year. However, they are also held liable for data security and fraud protection.

What Does GDPR Require?

GDPR sets minimum standards for data protection for any business that:

  • Has a presence in any EU country or
  • Processes personal data of EU citizens

GDPR compliance applies to any business that:

  • Has 250 or more employees or
  • Processes sensitive or large amounts of personal data

Personal data is defined as any PII or personally identifiable information such as name, identification number, location data, email address, photographs, social identity, economic status, physical abilities or anything that refers to that individual.

Users have specific rights under the GDPR including:

  • The right of transparency including clear data consent forms, which data is being collected, access to that data and how it is being used
  • The right to rectify inaccurate data
  • The right to be “forgotten” including withdrawing consent and deleting all personal data from a business
  • The right to object how the data is being used
  • Data portability to transfer data between companies upon request

Companies must report data breaches within 72 hours and specify the number of exposed records, the types of data breached, what has been done to address the breach and mitigate any adverse effects, and the consequences of the breach.

Companies must also perform assessments to identify and address the risk of fraud or breaches. If the organization meets any of the requirements of 250 or more employees, processes highly sensitive or large amounts of EU citizen data, regularly collects or monitors data subjects or are a public authority, they will need to hire a data protection officer to oversee compliance.

Depending on the type of non-compliance, penalties could be from 2% or 10 million euros  up to either 4% of the business’ annual global turnover(based on the previous fiscal year) or 20 million euros.

How Will Companies Comply with GDPR?

5 Critical Features of a Long-Term Data Storage InfrastructureThe penalties and stringent requirements of GDPR have organizational leaders worried about compliance by the May deadline. Although the regulation was adopted by the EU, global organizations could be at risk for punitive fines. Over 70% of U.S. businesses have begun preparing for GDPR and have spent $ 1 – 10 million to prepare. Some businesses have opted to reduce their EU presence temporarily until they meet GDPR standards.

Companies can prepare for GDPR compliance by:

  • Documenting what data is collected, who has access, and where it is stored
  • Creating rules and processes for data access and use
  • Building security controls for protecting data
  • Establishing protocol for responding to data breaches
  • Assessing the risks of data fraud and GDPR non-compliance

How Can NEC Help?

GDPR compliance challenges are prompting business leaders to lean heavily on their technology partners for solutions. A provision within the data protection regulation is “privacy by design” which requires technology solutions to natively build in data security from the onset. The good news is that NEC has a robust data platform that is built to secure data and help make data manageability easier: NEC HYDRAstor.

HYDRAstor offers a scalable and customizable platform for small-to-medium and enterprise businesses, including the ability to upgrade with no disruptions and expand to almost unlimited data growth.

NEC’s erasure-coded resiliency eliminates a single point of failure, keeping data protected and secure on HYDRAstor’s grid architecture. Erasure coding distributes data across the storage grid, so disk or node failures don’t disrupt the availability of data. Data resiliency automatically rebuilds only bad sectors, enabling a faster disk rebuild than traditional RAID.

HYDRAstor’s encryption technology protects data from unauthorized access to lost or stolen disks by encrypting data prior to being written to disk. Data that may need to be classified can exist in the same system as unclassified data due to HYDRAstor’s Write-Once-Read-Many (WORM) capability for regulatory compliance.

NEC’s HYDRAstor backup partners such as Veritas, Veeam, Commvault, and more, are also preparing for GDPR compliance, offering simplified management interfaces for data protection managers.

Concerns about data availability, security, and the deletion of user’s personal data can be handled seamlessly with NEC’s HYDRAstor. To learn more about NEC HYDRAstor, visit www.necam.com/HYDRAstor.

In a dynamic and global economy, our experts anticipate that GDPR compliance will be universally adopted in the near future.

If your company has presence in any EU country, please contact us today for a complimentary consultation on your data storage and security requirements.

Smart Enterprise

Free Ebook
5 Critical Features of a Long-Term Data Storage Infrastructure

Managing your large flow of data presents 5 increasingly complex challenges: Scalability, Capacity, Performance… To learn more about these challenges and how to solve them, fill out the form and download the ebook.



How to Safely Manage the Massive Influx of Data Growth

We are living in an ever-present, data-driven economy. Connected devices and IoT are driving up the collection and distribution of data and creating capacity and management challenges like never before. Not only does the data need to be securely stored, it needs to be available within seconds and 24/7. CIOs and IT directors must identify and face these data management challenges with an efficient, scalable and customizable solution.

Let’s identify these challenges and key questions IT leaders must face to uncover a powerful answer to the enormous influx of data growth.

Platform Scalability and Customization

In 2017, The Economist declared data as the world’s most valuable resource, over oil. With the rise of smartphones and the use of the internet in our daily lives, data has become a valued resource for governments and businesses alike. Every prediction of new future-forward technology involves the collection, dissemination and long-term storage of data, no matter the size of the organization.

The Questions: How can a business effectively store the growth of such a valuable resource? What about legacy systems already in use for storage?
A robust platform is required that can be scaled and customized for both small-to-medium business and enterprise growth. The storage scalability, including upgrades and technology refreshes, must also be seamless and non-disruptive to be a competent solution to this challenge.

The Answer: NEC’s HYDRAstor easily handles the data needs and growth of SMB and enterprise businesses, scaling from 1 to 165 nodes, and managing petabytes of data through compression and deduplication. Upgrades are non-disruptive with the ability to add up to 3 generations of hardware, simultaneously in the same system. The grid architecture features two different node types: hybrids (HN) for expanding both performance and capacity or storage (SN) for expanding capacity only. Data deduplication is distributed globally, across all nodes, and resources required for more power and more capacity are aggregated through the grid. Depending on the needs of the organization, the platform can be configured as required for near unlimited data growth.

Backup Performance, No Failures and No Disruption of Service – NEC/Segue Case Study:

Data Reliability, Availability and Protection

Healthcare organizations rely on accurate data to make life or death decisions for patients. Autonomous vehicles rely on data access to operate safely. Digital financial transactions are monitored for criminal activity and must be available almost instantly. With these and other organizational shifts to the cloud, data must be easily accessible, dependable and secure.

The Questions: Can data be both accessible and secure? Is there a high availability solution that can handle inevitable disk failures or other data disruptions?

The Answer: With no single point of failure, NEC’s HYDRAstor grid architecture offers advanced data protection with erasure-coded resilience. Erasure coding involves distributing the data across the entire storage grid, tolerating up to six concurrent disk or node failures with no disruption. Data resiliency is ensured by the automatic rebuilding of only the lost data, enabling a faster data rebuild than traditional RAID (Redundant Array of Independent Disks).

HYDRAstor offers data encryption prior to being written to disk, securing it from unauthorized access to lost or stolen disks. Classified and unclassified data can also exist within the same node, boosted by HYDRAstor’s Write-Once-Read-Many (WORM) capability and data-shredding for regulatory compliance.

Legal Services Company Turns to NEC:


Simplification of Management

Data migrations are a common pain point among IT departments. Managing a complex data storage solution can be convoluted, especially with the challenge of fork lift upgrade of legacy systems and disparate data backups.

The Questions: How can a storage solution be introduced into an existing environment and still be simple to manage? Is there a need to replace the current systems and software already in place?

The Answer: NEC’s HYDRAstor offers simplified intelligence management software and works with existing backup applications such as Net Backup, Veritas, Veeam, Commvault and more. The system dynamically allocates storage capacity as needed, without user intervention or configuration, through auto provisioning. It also provides a simple, non-disruptive ability to replace legacy hardware and add additional capacity without interruption of data access.

NEC’s Data Storage Partners:

NEC’s HYDRAstor: A Cost-efficient Solution for Data Growth

In 2013, Science Daily predicted that 90% of the data in the world had been generated in the previous two years. Many predict that data will continue to grow exponentially as far into the future as we can imagine. CIOs of small, medium and large organizations must be prepared for the long-term storage and backup of this data, but are understandably concerned about the costs.

The BIG Question: Can a storage platform be all this and cost efficient too?

The Answer: NEC’s HYDRAstor storage platform is well-equipped to handle these data challenges and help create cost-efficiencies in the process.

– Replication to and from disaster recovery sites with encrypted and deduplicated streams ensures data is safe everywhere, is stored cost-effectively, and is moved as fast as possible between sites.
– Storage capacity consumption is reduced through inline global deduplication offering near unlimited storage for data growth.
– For small-to-medium businesses, HYDRAstor is available on virtual appliances using VMWare ESXi or Microsoft’s Hyper-V.
– For enterprise organizations, HYDRAstor can be built out from one to 165 nodes, reaching up to six petabytes of throughput per hour.
– HYDRAstor supports all main backup software vendors and multiple generations of hardware, reducing the need for rip and replace or forklift upgrades.
– Grid architecture and erasure coding distributes data across all nodes for no disruptions in the case of disk or node failures.

Schedule a hassle-free strategic consultation below to learn more about how NEC’s HYDRAstor can help your organization.

Smart Enterprise

Let us assist you with your current business needs!

Are you ready to learn how NEC technology can help your business improve processes, enhance productivity, and reduce operating costs? Fill out the form below, and one of our solutions experts will be happy to chat with you!