Learn how to build a best-in-class GDPR compliance strategy with HPE Storage.

The General Data Protection Regulation (GDPR) comes into force on May 25, 2018. This is the most significant change in privacy law in the past 20 years. Non-compliance with the GDPR may lead to hefty fines for organizations—up to a maximum of 4% of annual worldwide turnover of a corporate group. That’s huge, isn’t it?

The GPDR is a complex law. It can be challenging for organizations to understand what needs to be done to be GDPR compliant and to understand how regulators will exercise enforcement powers.

To manage GDPR compliance, your organization needs to do a comprehensive review of your data processing activities to understand how GDPR impacts you and what you need to do to achieve and maintain compliance. Let’s start with some GDPR basics, followed by a discussion on how HPE Storage can help you build a best-in-class GDPR compliance strategy.

GDPR basics: definitions and goals 

Personal data is any information that can identify a person. It could something as simple as a name, location, email address or even an online identifier like IP address. An entity is a controller of personal data if it determines why and how the data will be processed. An entity is a processor of personal data if it processes personal data on behalf of someone else and at their direction.  Your organization may also be required to appoint a data protection officer (DPO), whose responsibility is to oversee data privacy practices and help ensure compliance with the GDPR requirements. GDPR requires organizations to develop governance procedures to ensure you are GDPR compliant and can demonstrate your compliance.

GDPR aims to reinforce the data protection rights of individuals and generate trust in personal data processing. GDPR also aims to facilitate the free flow of personal data in the digital market. Individuals’ rights over their own data is the foundation of GDPR. A data subject’s data can be either at rest or in flight. Given the massive fines and penalties (up to 20 million euro or 4% of a company’s revenue, whichever is greater), organizations need to act now.

How does GDPR help your organization?

GDPR, including the record keeping and privacy by design and default requirements, forces organizations to put more robust governance, policy and processes in place to be GDPR compliant.

GDPR does bring some business benefits in the form of revenue generation and brand loyalty as a result of the proper handling and security of the data subject’s personal you're your organization controls or processes.

How does HPE Storage help you with GDPR compliance?

If your organization deploys HPE Storage products in your data center environment, HPE Storage products can help with GDPR compliance requirements, including privacy by design.

GDPR’s privacy by design principle builds privacy and security features into the development of any IT systems, products or other processes that involve the processing of personal data—rather than bolting it on as an afterthought. As a technology provider, HPE products have privacy and security features that can assist you in meeting GDPR obligations when you use HPE products to process personal data. 

With built-in security features and functionalities across the HPE Storage stack, organizations can use HPE Storage products that can assist customers to build a best-in-class GDPR compliance strategy.

HPE Storage point of view for GDPR compliance

GDPR requires organizations to implement appropriate technical and organizational measures to secure personal data. GDPR is an opportunity for you to modernize your data center infrastructure, tools and processes. GDPR not only involves technological changes. Successful GDPR compliance strategy is amalgamation of process and technological changes.

By its inherent product design and architecture with built-in security, HPE Storage can assist you with your GDPR compliance strategy. HPE is committed to continuing to enhance the security features of its products in our design process.

Please refer to the following resources for information on the security features of the HPE Storage portfolio:

HPE 3PAR Storage 

• Unified Capability Approved Product List (Look thru Device Type = “All” Vendor = “HP”):
• 3PAR Cryptographic Algorithm Validation Program (CAVP)  
• HPE 3PAR StoreServ Security Datasheet
• HPE 3PAR StoreServ Security Technical Implementation Guide (STIG)
• HPE 3PAR StoreServ Storage Common Criteria Certification Guide
• 3PAR Secure Service Architecture Whitepaper
• HPE 3PAR StoreServ Data-At-Rest Encryption
• A comprehensive view of IT Infrastructure Security (gen10 Security whitepaper that includes HPE Storage)
• HPE Security Vulnerability Assessment

HPE 3PAR File Persona

• SEC 17a-4(f) Compliance Assessment for HPE 3PAR with File Lock Compliance
• How 3PAR File Persona Keeps Your File Server Data Safe
• Rely on HPE 3PAR File Data Access Security
• HPE 3PAR File Access Auditing Framework for a Safe, Secure File Server Environment
• Varonis Introduces Support for Hewlett Packard Enterprise 3PAR StoreServ Storage for File Access and Auditing

Meet Around the Storage Block blogger Rashmi Malik, Product Manager, HPE 3PAR Storage.