Any organization that wishes to operate in the European Union (EU) will have to make sure it’s in compliance with the new General Data Protection Regulation (GDPR) directive that’s set to come into force early next year. With that in mind, Hewlett-Packard Enterprise Co. (HPE) today introduced a raft of software solutions designed to help enterprises to comply.

If you don’t know what the GDPR is, now is probably the time to educate yourself. Introduced partly in response to former NSA contractor Edward Snowden’s revelations of U.S. government spying, the new rules set an extremely high bar regarding data protection, privacy and security in the EU. They apply to all organizations based in the EU, plus any that collects data on EU citizens, regardless of where they’re based.

One of the main areas of focus is on data governance, and the regulations stipulate that privacy impact assessments will be mandatory for any high-risk processing activities, such as large-scale processing of data or profiling activities.

One rule states that organizations must demonstrate something called “privacy by design,” which means showing that they’ve anonymized any data they’re storing and built privacy protection into their staff policies. When choosing third-party data processors, companies responsible for customer data must regularly assess their procurement processes and may have to abide by EU-approved boilerplate clauses in service provider contracts.

The new regulations also dictate that organizations must provide customers with more information about the data they collect, and how they do it. This includes providing contact details for the company’s data protection officer, who is the person responsible for looking after that data, and the details of any data transfers to facilities outside the EU. In addition, there are greater limitations on the use of consent, which means the subjects of the data must grant separate consent for different activities its used for, and they can withdraw that consent at any time.

The GDPR also enables the right for individuals to have their data erased, and companies will have to pass that request along to others should they have already made that data public, or sold it to third-parties.

The above examples are just the tip of the iceberg, but organizations be warned – failing to comply with GDPR can result in a fine of up to four percent of an organization’s global annual revenue, or 20 million euros.

Research firm Gartner Inc. recently warned that when GDPR comes into force in May 2018, a single complaint against an organization could lead to an audit and potential fines. As such, organizations need to adjust their data management and backup strategies before the rules come into place. They should “start modifying plans, policies, processes and techniques today,” Gartner said.

Helping hand

Of course, complying with such cumbersome regulations manually would be challenging to say the least, which is why HPE is hoping to offer a helping hand. The company has just launched a new suite of software solutions designed to address all of the particulars ingrained in the GDPR.

The solutions, which are part of HPE’s Security and Information Management and Governance portfolios, have been mapped to specific GDPR use cases, allowing companies to assess and mitigate the risks, all the while remaining in compliance.

“GDPR calls for organizations to classify EU citizen data in scope with the regulations and then apply policies to protect that data,” said David Jones, senior vice president and general manager, HPE Information Management and Governance. “Our broad and market-leading product portfolios, underpinned by rich analytics, helps our customers comply with confidence, grow the trust of their customers, and make GDPR a positive differentiator for their business.”

HPE’s new solutions cover three aspects of GDPR compliance, namely “assessment and preparation,” “implementation” and “monitoring.” The first category includes a solution to help companies with personal data assessment, which automatically classifies which data will fall under GDPR regulations. Other solutions help companies to target data for deletion, in accordance with the EU’s “right to be forgotten,” and deal with breach prevention and response.

HPE’s GDPR implementation products provide companies with the tool set they need to protect their most critical assets, including an adaptive backup and recovery solution that’s designed to work in accordance with GDPR, and encryption and pseudo-anonymization tools that ensure customers’ privacy is respected while neutralizing any data breaches.

Finally, HPE’s monitoring software solutions are designed to help organizations proactively detect and respond to any cyber-threats, in compliance with the GDPR’s mandatory 72-hour window for identifying any such incidents.

“GDPR requires organizations to implement stringent data security measures and mandatory breach notification to better protect customer information,” said Sue Barsamian, senior vice president and general manager, HPE Security Products. “Our innovative solutions help customers protect, detect, respond and recover from threats so they can proactively mitigate risk and maintain GDPR compliance.”

You can read about HPE’s GDPR compliance solutions in greater detail here.

Photo Credit: future.agenda via Compfight cc