veritas and gdpr - coming computer engineering · ediscovery platform –audit ready discovery,...
TRANSCRIPT
Veritas and GDPR
Nedeljko Štefančić
Senior Technology Consultant
2
The new EU Data Privacy Law
25th May, 2018
Ready made Privacy Law
Harmonizes 28 Member States
Protection of Human Rights
Better Control of Information
Copyright © 2017 Veritas Technologies LLC
…. In less than 1 minute
Copyright © 2016 Veritas Technologies LLC3
Tough PenaltiesApplies GloballyPersonal Data
• GDPR has broad applicability
• Be accountable for your data
• No more data hoarding
• The ‘Right To Be Forgotten’
• Mandatory breach notification
General Data Protection RegulationMain Tenets
• Penalty for Non-Compliance: UP TO 4%OF GLOBALANNUALTURNOVER
Copyright © 2017 Veritas Technologies LLC
25th May, 2018
5 © 2016 Veritas Technologies LLC. All rights reserved.
short customer story
GDPR
• The example was just for one person
• Tom kicked off a process with one email
• Tamzin spent ½ day on the request
• Fred spent 2 days on the request manually searching current and legacy systems
• HR spent ½ day on the request
• What would happen on 28th May 2018 if EVERYONE in this room made the same request?
• “I don’t have enough staff” or “I don’t have enough time” is NOT an adequate response
Is your customer ready?
6 © 2017 Veritas Technologies LLC. All rights reserved.
short customer story
GDPR
“The Right to be Forgotten?” Change to “The Right to be Found”!
Traditional approach is structured/semi-structured data only
Complete response should include Dark Data
What about unstructured data, and copies outside traditional controls?
PST BACKUPS
PST BACKUPS
DR Data Centre and Cloud Services
REPLICAS
Laptops
Data Insight – Scans of File Systems and User Access Patterns
Enterprise Vault – Archiving & Index, Journaling, Search
eDiscovery Platform – Audit Ready Discovery, Review & Proof of Process
InfoMap – Global NetBackup Insight & identify Data for Removal from Backups
InfoScale – Ensuring Replication of Deletions
How?
Veritas Information Governance Solution Portfolio
Search Databases, Email, SharePoint
Tom
2
6
Tom says: “What data do you have on me?”
1
Define search scope
3
Present findings Audited Delete
Tom
4Tom
Evidence Report to Tom& Legal/Compliance
5
Voice
Messaging
CLOUD Applications
Data subjects have to be foundto be forgotten
• If your business gets a request from a data
subject, can you find their data to action it? Can
you do it quickly?
• Do you have an easy way to pass the personal
data you retrieve to the compliance team to for
review?
• Have you got procedures to ensure the right
personal data is
disclosed/deleted/corrected/ported?
• Can you prove you did what you said you did, and
can you prove that you have made best efforts to
find all relevant information?
7 Copyright © 2016 Veritas Technologies LLC
Copyright © 2017 Veritas Technologies LLC8
33%
52%Dark Data
ROT
15%Clean
The PeopleGlobal Databerg Report
The Data Data Genomics Index
Key Veritas research shows the DATA problem
The RealityThe Data Hoarding Report
9 Copyright © 2017 Veritas Technologies LLC
Most organizations have no idea what information they
have, what it is worth, or why they keep it. But they will
keep it.
FOREVER
Problem 1
Most organizations have no idea where their sensitive, regulated, or most valuable
information is,
NOR WHO HAS ACCESS TO IT
Problem 2 Problem 3
When organizations need to actually find information it takes too long, costs too
much, and usually is missing results or has too many
results.
OR BOTH
Which created 3 OVERARCHING problems
Five Capabilities Required for GDPR Compliance
MINIMIZELOCATE
SEARCH PROTECT
MONITOR
Copyright © 2017 Veritas Technologies LLC
Veritas has a
Comprehensive Solution
for Regulatory Compliance
Readiness
Copyright © 2017 Veritas Technologies LLC
Uncover Personal Data and make it visible
Article 30
Data InsightInformation Map
Make Personal Data searchable
Articles 15, 16, 17, 18, 20
EDiscovery PlatformEnterprise Vault
Minimize and place controls around Personal Data
Articles 5, 17, 32
Enterprise VaultEnterprise Vault.cloudData InsightAccess
Protect Personal Data from loss, damage or breach
Articles 5, 25, 32, 33, 34, 35
NetBackupBackup ExecData InsightInfoScaleVRPAccess
Ensure continual adherence to GDPR standards
Articles 5, 15, 16, 17, 18, 20, 24, 35, 42, 44, 45
Data InsightEnterprise VaultEnterprise Vault.cloud
PersonalData
Why are we holding onto
stale and non-business
data that increases risk?
Call to action – move,
archive, delete what we
don’t need.
LOCATE
Map your data – where is
it stored?
Who owns the data?
What do we do with
Orphaned data?
Create Reports on Data
Call to action – move,
archive, delete what we
don’t need.
LOCATE
Map your data – where is
it stored?
Who owns the data?
Data Insight™
SEARCH
Take advantage of
Transparent Predictive
Coding to accelerate
analysis and review
Perform redaction when
exporting Subject Access
Request data
Make Personal Data
Searchable – wherever it
may reside
Search data by custodian,
in a controlled, audited
fashion
SEARCH
Filter by keywords , using
wildcards
Perform additional actions
as download or delete
Make Personal Data
Searchable – wherever it
may reside
Filter data by metadata
and types
MINIMISE
Store data in a fully
audited GDPR compliant
store
Import PST of NSF files to
reduce risk of hidden
personal data
Classify data based on
content or metadata,
using out of the box rules
Control Retention based
on source or
classification, discard
what you don’t need
PROTECT
NetBackup and
Backup Exec
protects your data
from loss
BACKUP HA / DR BREACH STORE
Resiliency
Platform keeps
your data available
at all times
Data Insight
protects against
data breaches
Access offers software defined
storage control and protection for your
data
MONITOR
Detect Anomalies in user
behavior
Detect and prevent insider
threat
Perform proactive risk
profiling
Find open Access Control
Lists
Data Insight™
Retention Schedule
Disposition
Supervision Tags
Classification
Legal Hold
Full content search
Age
Extension
Owner/creator
Server
Share
Behavior
Semantic analysis
Clustering
Predictive coding
Concept search
Data InsightInfoMap
Enterprise Vault eDiscovery Platform
Copyright © 2017 Veritas Technologies LLC20
Next Steps
&Q A
Copyright © 2017 Veritas Technologies LLC
Thank you!
Copyright © 2017 Veritas Technologies LLC. All rights reserved. Veritas and the Veritas Logo are trademarks or registered trademarks of VeritasTechnologies LLC or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice.
Nedeljko Štefančić