Changes to Europe’s General Data Protection Regulation (GDPR) come into force on May 25, 2018. For those unfamiliar, the law grants European citizens comprehensive rights over personal data that organizations store and process. GDPR places an additional burden on companies, and those that fail to comply face hefty fines.
The deadline is fast approaching, yet many companies have not started preparing. While no single solution can ensure compliance, here are four key components to keep in mind as you evaluate solutions:
1. Unified Management
Companies often hold personal data on customers, employees, vendors, contractors, and other entities. This data can be spread across a variety of sources like VMs, databases, files, and Exchange Mailboxes. Unfortunately, this fragmented infrastructure makes managing and protecting workloads a major challenge.
In addition to being tedious, a patchwork of point solutions can complicate GDPR compliance. Using a single comprehensive solution enables users to define and enforce a data management policy across their entire infrastructure. With Rubrik, one platform supports all common data management scenarios (backup, disaster recovery, archival, etc.) and protects a wide variety of workloads like VMs, physical servers, databases, NAS Shares, and public cloud. This broad and fast-growing support matrix helps organizations enforce their IT policy from a single screen.
2. Policy-driven Automation
Under the GDPR regime, companies must have defined policies for where data is stored and how long it is retained, based on business use cases. With Rubrik, all data management happens via customer-defined service-level agreements (SLAs). These SLAs allow customers to define the frequency of backups, retention, how long backups must be aged, and storage. Furthermore, Rubrik’s auto-discovery feature automatically applies an SLA to any newly added VM. This helps customers automate policies and simplify compliance as their environment grows.
3. End-to-End Encryption
One key principle of GDPR is “Security by Design,” meaning that a solution must be built with security in mind from the ground up. GDPR identifies encryption as a way to reduce the risks to individuals from a data breach or loss. We at Rubrik agree. That’s why our platform secures data both at rest and in flight. Rubrik supports AES-256 software-based encryption on all data protected by the appliance. Our r500 appliance also delivers FIPS 140-2 Level 2 compliant hardware-based encryption. And for all the supported archival locations, encryption is the default.
4. Role-based Defined Access
Security also refers to protecting against internal employee threats. To align with this principle, employees within a firm can have access only to relevant data. Rubrik’s Role-Based Access Control (RBAC) allows customers to set access policies that define, for different subsets of resources, which actions can be performed. This helps ensure that each user only touches data they own and mitigates the risk to personal data from human error or malice.
To say that GDPR is comprehensive is an understatement, and implementation of these regulations is fast approaching. Coming up with an IT action plan for GDPR can seem like a daunting task. But a modern solution like Rubrik can help launch your path to compliance by centralizing data management across your entire infrastructure with simplicity at its core.
Not sure where to start? Read our GDPR compliance checklist or watch our on-demand webinar, GDPR – an Action Guide for IT.