Ensuring GDPR Compliance with Cohesity
GDPR and Data Storage
The EU General Data Protection Regulation (GDPR) is a regulation designed to strengthen data protection for residents of the EU. GDPR will become effective on May 25th, 2018, and applies to any company controlling or processing personal data of EU residents, regardless of the location of the company.
GDPR imposes a broad set of legal, governance and technical requirements on companies processing personal data. A subset of these requirements – those related to data protection and data management – are particularly relevant for storage platforms used to store personal data. They include:
- Data protection by design: Personal data must be secured against unauthorized or unlawful access. Companies should encrypt the data and restrict access to the entities processing the data.
- Data integrity: Personal data must be protected against accidental loss, destruction or damage, including ransomware.
- Data minimization: Companies should minimize the personal data they store, and only keep the minimum set of data required for processing purposes. Data should be deleted once the use case for processing concludes.
- Right to erasure/right to be forgotten: Data subjects have the right to request the erasure of their personal data from the company’s systems.
- Restricted data transfers: Transfers of personal data to “third countries” must be restricted to countries and organizations that offer an adequate level of protection. Data transferred to other countries or locations – such as a public cloud – must continue to meet GDPR requirements for data protection.
Cohesity Simplifies GDPR Compliance
Legacy secondary storage consists of a patchwork of point appliances that make GDPR compliance difficult to achieve.
Data is copied across silos (for backups, archive, test/dev, and analytics) and must be protected and managed multiple times across silos using a variety of point solutions. If any single one of these silos is noncompliant, the whole organization could be liable for significant penalties.