Privacy by design: GDPR offers guiding principles for building a secure IT infrastructure


GDPR principles may impact your IT infrastructure selection. HPE ProLiant Gen10 servers can help with “privacy by design” innovations that offer best-in-class firmware protection, malware detection and recovery.

The European Union General Data Protection Regulation (GDPR)—set to go into effect May 25, 2018—is built on principles that may directly impact your IT environment. While complying with the regulation is the responsibility of individual companies in Europe, these principles also offer solid guidelines for building a secure IT infrastructure to protect your digital assets and may help get you ready for the GDPR.

These principles include incorporating privacy by design—where protection and data retention are built into IT systems upfront (rather than bolted on as an afterthought) to ensure a resilient, privacy-supporting infrastructure. GDPR also requires businesses to implement state-of-the-art IT security based on the level of risk for the data processed.

Applying these principles can save you a lot of money. If a data breach occurs, regulators will evaluate whether you incorporated appropriate technologies to protect users' private data. If not, fines can run as high as €20 million (roughly $23.3 million) or 4% of global annual turnover—whichever is higher.

European-based businesses are not the only ones who need to take notice. U.S. companies that do business with customers in Europe are also subject to GDPR penalties.

Considering all the costs of a violation

Should your business violate GDPR regulations, remediation will be required, resulting in considerable penalties and costs. A supervisory authority may conduct an audit to determine the causes of non-compliance, and this review will impact the size of the penalty. To avoid this, you will need to devote resources and supporting staff to make sure regulators have a full and accurate understanding of your data protection and privacy technologies, procedures, and practices. 

The amount of time and effort you will spend on remediation is difficult to determine, and this is time spent looking backwards rather than on new strategic initiatives.

Other cost implications associated with data breaches include business disruption and revenue loss. According to the Ponemon Institute report, 2016 Cost of Cyber Crime Study & the Risk of Business Innovation, business disruption and revenue loss accounted for more than half of all external costs involving cyberattacks. These cost implications further justify tightening protection of personal data to reduce the potential and severity of data breaches. 

The preferable path to compliance

Any external interference in your enterprise IT security and priorities is an undesirable outcome. The preferable path is to comply with GDPR by implementing privacy by design and staying current with state-of-the-art technology. That’s where we can help.

First, HPE applied the NIST 800-53 controls to a solution set of our servers, storage, and networking products. According to recently published articles, the NIST 800-53 controls can help get European customers ready for the GDPR.*

Second, our market-leading HPE Gen10 ProLiant servers are the world’s most secure industry standard servers with unique built-in firmware security deployed all the way down to the silicon. The HPE Secure Compute Lifecycle offers best-in-class innovations in server protection, malware detection, and system recovery to help you in your efforts to comply with GDPR and other sensitive data regulations:

  • Silicon root of trust—HPE is the only vendor to provide the silicon root of trust, which creates a digital fingerprint in the silicon and ensures servers will never boot with compromised firmware.
  • Firmware threat detection—You will know in real time if your firmware has been compromised. In the event of a breach, you can automatically recover to a known trusted state and quickly get your server operational again.
  • Server data security—By implementing the highest level of security algorithms, known as the Commercial National Security Algorithm (CNSA) suite, you can keep your most confidential information within your server protected.

Ensuring your digital assets remain safe

The end-to-end secure approach provided by HPE Gen10 ProLiant servers can help your business adhere to the privacy-by-design and state-of-the-art data protection principles proposed by the GDPR. Our approach also plays a key role in all of your compliance efforts and in ensuring your digital assets remain safe.

To find out more about the ways HPE facilitates GDPR compliance, check out the Frost & Sullivan executive brief, Smartly Selected Infrastructure Paves a Pathway to GDPR Compliance. Another insightful read, from The Privacy Advisor, is How NIST security controls might help you get ready for the GDPR.*

About the Author


Bob leads the partner software organization for the server division. His team is also responsible for productizing the new HPE security technologies and delivering a comprehensive approach to security across all solutions.