
Get Ready for GDPR: Anyone Doing Business in Europe Needs to Tune In



The GDPR regulation not only impacts companies in Europe but also those in the U.S. and the rest of the world that do business in Europe. Find out how HPE Gen10 can help you get ready and avoid massive fines. 

The new General Data Protection Regulation (GDPR) in Europe goes into effect in May 2018, and indications are strong it will likely be enforced more strictly with much higher financial penalties than US regulations. Is your company ready—have you applied sufficient protection to your sensitive customer information?

It’s important to consider that the regulation impacts not only companies in the European Union and the United Kingdom, but also those in the US and the rest of the world that do business in Europe. Given the massive fines and penalties (up to 20 million euro or 4% of a company’s revenue, whichever is greater), there’s a sense of urgency to prepare now for the new regulation.

Each business bears the responsibility

At HPE, we are sensitive to the regulatory needs of our customers around the world and have implemented many IT security controls that assist with GDPR compliance and other regulations. It’s important to realize, however, that any company doing business in Europe bears the full responsibility of complying with GDPR. We emphasize this point because many customers are pushing the responsibility for compliance back to their infrastructure manufacturers.

Customers need to oversee their own compliance efforts because the GDPR is not really a certification at all. This makes it impossible for HPE or any other infrastructure providers to offer GDPR-certified products. What we can do, however, is provide the world’s most secure industry standard servers and other infrastructure security solutions that aid in compliance and help businesses avoid the penalties. 

U.S. standards can play a key role

Customers that purchase products with advanced security features, like HPE Gen10 servers, will no doubt make a show of good faith to the EU regulatory bodies that they are doing everything possible to comply with GDPR. In addition to other security measures, HPE applies the security controls recommended by the National Institute of Standards and Technology (NIST) to our entire solution stack of HPE hardware and software. This too will help with GDPR compliance.

While it may seem counterintuitive to utilize the standards of a U.S.-based agency to help comply with a European regulation, experts attest that it does indeed help. Given that all U.S. federal agencies must follow NIST standards in developing cybersecurity protections—as mandated by the May 2017 Presidential executive order—European firms recognize the strength of NIST security controls.  

Strict adherence to NIST standards

Working in close collaboration with InfusionPoints, which specializes in advising technology companies on designing secure and compliant solutions, HPE has specifically applied the NIST 800-53 security controls to all HPE servers, networking, and storage solutions. As part of this process, we put the complete stack of HPE and partner technologies through a rigorous process against the NIST standards, which include integration, security control development, documentation, risk assessment, and vulnerability/penetration testing.

Taking these measures allows federal agencies and other customers to audit our solutions for compliance with FISMA, FedRAMP, and GDPR, among others. Additionally, complying with NIST provides a ready-made Authority to Operate (ATO) package that can shorten accreditation cycles by more than 50%. The compliance also provides assurance that IT systems will stand up to the rigors of ongoing Continuous Diagnostics and Mitigation (CDM) processes.

Verified HPE solutions include HPE 3PAR storage as well as HPE Gen10 Apollo and HPE ProLiant servers, while accredited software includes a full stack of cloud-enabling software, providing everything your organization needs to implement a private cloud.

Applicable to regulatory controls across many industries

The broad acceptance of NIST standards, combined with our conformance to the Risk Management Framework (RMF), makes HPE solutions applicable to regulatory controls across many industry verticals:

  • Healthcare (HIPAA)
  • Energy (NERC CIP)
  • Retail (PCI DSS)
  • Financial (GLBA)
  • International (GDPR/ISO 27000)

As an example, 100% of the controls in the NIST framework can be leveraged directly towards achieving ISO 27000 series accreditation. To learn more about the enterprise IT security offered by HPE Gen10 servers that can help your business comply with these various regulations, check out this video:

Security also a looming concern

In addition to compliance, IT network security is also a looming issue for all businesses. The threat landscape is increasing, and attacks are becoming more sophisticated. To defend against this risk, protecting servers at the software level is no longer enough. Your business needs to reach down into the physical system to stay ahead of the threats. HPE delivers this protection through our unique server firmware protection, detection, and recovery capabilities. Find out how by reading the Moor Insights and Strategy white paper, HPE Locks Down Server Security.

Featured article:  GDPR compliance protects data privacy and the bottom line  

About the Author


Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.