Menu
Plan now for the EU's privacy regulation revolution, says HPE exec

Plan now for the EU's privacy regulation revolution, says HPE exec

The EU's personal data protection laws don't change until May 2018, but HPE is launching its compliance tools now

The cost of complying with the European Union's General Data Protection Regulation might seem like something best deferred until it enters force in 2018 -- but working on compliance just might boost profit, not reduce it.

The GDPR, the EU's latest rewrite of its data privacy laws, doesn't enter effect until May 25, 2018, but already IT companies are talking up their software and services for complying with the new rules.

It's not just an issue for EU enterprises: Any company processing the personal information of EU citizens is affected.

What those companies can do with that information is more tightly controlled than before. Collection and processing of sensitive information is only allowed if the person concerned opts in, unless the information processing is necessary to fulfill a contract or to protect the person's vital interests.

That contract fulfillment provision isn't a catch-all, either: If someone wants to buy a pair of sunglasses online, you can't insist that they tell you their shoe size, for example, before accepting their order. The data collection has to be necessary.

Businesses not only have to protect their customers' data, they have an obligation to tell them if they slip up. Data breaches that pose a significant risk to those concerned must be disclosed within 72 hours.

The cost of not complying could be high: a fine of up to €20 million (US$22 million) or 4 percent of worldwide revenue, not to mention the resulting decline in customer confidence.

One of the GDPR's requirements would be a sensible first step for many businesses even if it weren't mandated: For companies to classify all the data they hold that falls under the new regulation.

That one step could be a money-maker, rather than a money pit, according to Joe Garber, Hewlett Packard Enterprise's global vice president of marketing for information management and governance software.

"Once you get your data in order, once you get insight into your information, then you can mine that information for value, strategic information about what your customers really want."

There's also scope for cost savings on a number of fronts.

By moving their data into a central, searchable repository, businesses may find they can retire older applications. "We've had customers shutting down thousands of apps," Garber said.

And in examining that data, they may find they're better off not storing it at all. "Some percentage of that information won't have value for the organization, and at $20 per gigabyte for its lifecycle, it has a cost."

So is evaluating which information falls under the GDPR going to be a make-work project, as thousands of terminal operators repeatedly choose to "protect," "ignore" or "delete" as they click through customer records and email files?

Well, no. To start with, it's pretty obvious that a database of email or physical addresses, or credit card numbers, is going to be sensitive information, so much of that process can be automated.

"The big deal is unstructured information. It requires context," Garber said.

HPE, like a number of other companies, already has software tools that can make this kind of assessment, looking out for clues in email or other records that indicate the presence of credit card or bank account numbers and the like.

On Thursday, HPE began explicitly packaging some of its existing tools as solutions to particular GDPR compliance tasks, a move that will simplify matters for worried customers -- and perhaps bring HPE a little extra revenue in the run-up to 2018.

Its Personal Data Assessment tool will automatically identify information that falls under GDPR rules, while Secure Content Management will apply the appropriate policies to the data once assessed. It even has a Litigation Readiness and Response tool for dealing with investigations and lawsuits.

The portfolio is modular, leaving companies free to pick and choose whether to buy some elements elsewhere or to roll their own regulatory response.

Whoever businesses intend to hand the GDPR compliance tasks to, Garber thinks they should start right away.

"Many of these solutions will take some time to set up," he said.

And with a potential €20 million fine riding on the outcome, "If they wait until 2018 to switch the technology on, it will be too late," he said.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments