Until now, the general principle surrounding the gathering of data is that too much is never enough. But with the strict General Data Protection Regulation going into effect next May for companies with operations in Europe or any company that holds data on European citizens, there is a distinct possibility that a significant amount of data may soon be deleted to avoid the chance of a major financial penalty.

The new European laws require an individual’s consent for a company to hold data on them, and the holders of that data must demonstrate the information’s relevance for company operations or to deliver a service. As a number of data protection consultants are finding, this is a tall order that a number of companies may not want to fill.

“Companies will have to reevaluate what kind of data they hold and for what purpose,” said Famke Krumbmüller (pictured, right), partner and head of political risk at OpenCitiz, a political risk consultancy.

Krumbmüller stopped by theCUBE, SiliconANGLE’s mobile livestreaming studio, and spoke with host Stu Miniman (@stu) during the Nutanix.NEXT EU event in Nice, France. She was joined by Nina Vassilieff (pictured, left), security and GDPR consultant. They discussed the work necessary to identify key data, a current lack of GDPR awareness among many companies, and the potential for leniency if violators are caught. (* Disclosure below.)

Finding the data is a challenge

For a company to effectively decide what to keep and what to dispose, the first order of business is to figure out what it has. One client of Vassilieff’s assured her his firm only had 40 applications — until shadow software uncovered triple that amount.

“IT has a big role to play,” Vassilieff said. “It’s forcing best practices, it’s forcing inventories, audits, and it’s cutting costs at the same time.”

Another issue facing the technology industry is an overall lack of awareness around GDPR. Companies in the U.S. and Europe are starting to think about the impact but have yet to take action, according to the consultants, and only one-third of businesses in France even know that the new regulations are coming.

“A lot of companies inside of Europe, but also outside, who will be concerned about GDPR are not even aware that this regulation exists and that they will need to comply,” Krumbmüller said.

The deadline for compliance is May 25, 2018. Some information technology executives have speculated that European Union authorities could be lenient in doling out fines for violations, but that may not apply for larger companies.

“If the Amazons and the Facebooks don’t comply, that will be a huge problem,” Krumbmüller said. “If a small business doesn’t comply, that’s maybe a little bit different.”

Watch the complete video interview below, and be sure to check out more of SiliconANGLE’s and theCUBE’s coverage of Nutanix .NEXT EU. (* Disclosure: TheCUBE is a paid media partner for the Nutanix .NEXT EU event. Neither Nutanix Inc., the event sponsor, nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE