Delphix, the company that has changed the dynamics of managing and consuming data, today announced that leading analyst firm KuppingerCole issued a new report outlining how businesses can prepare for data compliance challenges under the EU’s General Data Protection Regulation (GDPR). With just under four months until it takes effect, the report details immediate actions any global organisation can take to ensure they are not subject to millions – or billions – in fines and lost revenues.
“Complying with GDPR regulations will be one of the biggest challenges for global organisations in the next decade,” said Eric Schrock, Delphix Chief Technology Officer. “Non-compliance, whether intentional or otherwise, may have serious implications for a company’s bottom line. It’s imperative for organisations to revisit key data management technologies and deploy the most effective tools for the testing and development process.”
The report outlines the ways that companies can quickly identify sensitive data within the scope of GDPR regardless of data source, provides governance and control for distribution of non-production data, and the importance of masking data to retain its value for development and testing.
Data controllers can address the GDPR requirements by following the report’s action plan:
- Discover personal data used within the organisation, including data used for non-production purposes.
- Classify personal data in a way that takes account of its sensitivity to allow use to be controlled in accordance with GDPR.
- Implement controls over the personal data lifecycle, covering how it is used and distributed within the organisation, to partners and into cloud services.
- Implement data protection by design and default for personal data used for non-production purposes. Ideally personal data used for non-production purposes should be anonymised.
- Where personal data cannot be anonymised, implement controls to meet all the requirements of GDPR.
- To demonstrate compliance controls should provide evidence of why personal data is collected, where it flows, how it is used and when it is erased.
- Contracts with partners and suppliers holding or processing PII should be reviewed to account for GDPR requirements.
The reports also highlights how organisations have used the Delphix Dynamic Data Platform to quickly identify sensitive data within the scope of GDPR regardless of data source, provides governance and control for distribution of non-production data, and masks data via masking while retaining its value for development and testing.
“GDPR comes into force in May, and organisations need to take steps now to ensure compliance,” said Mike Small, Distinguished Analyst at KuppingerCole. “The Delphix Dynamic Data Platform can reduce the costs and risks associated with the use of personal data for non-production purposes when GDPR takes effect.”
For more information and to download your own copy of the report, visit this page.