Servers & Systems: The Right Compute

How to shore up infrastructure security in compliance with GDPR


Staying in compliance with the General Data Protection Regulation (GDPR) is a challenge. Here's how you can meet it with proper planning, project management, and stakeholder commitment.

Privacy concerns have taken on an entirely new significance after multibillion-dollar company Facebook came under scrutiny for leaking the private data of its users. CEO Mark Zuckerberg testified before the US Senate in April, and after his social network received more than 2,000 questions from both the Senate and House committees, it recently provided written answers to queries about topics from data breach notifications to "shadow profiles"—or information Facebook collects about people from places other than Facebook. Now, calls for greater protections are deafening, and companies around the world are scrambling to shore up their infrastructure security.

But this mad dash didn't come out of nowhere. Businesses also had to rush to get in compliance with the General Data Protection Regulation (GDPR), an ordinance that ensures new accountability and transparency standards in the handling of personal information and gives individuals greater rights over how that data is collected, stored and used. It went into effect across the European Union (EU) on May 25, and is applicable to all those who conduct business within the European Union, not just EU member states. To continue to meet it, your company must enhance its approach to data protection for both clients and website visitors.

Tip 1: Identify "personal data"

An important consideration must be to identify what constitutes "personal data." Quite simply, any information you receive, store, or leverage from your clients falls under this term. This means that you need to be vigilant about protecting all client information you collect, including names, photographs, email or physical addresses, banking information, posts on social media sites, medical information, and IP addresses.

One significant example of where GDPR's impact is noticeable is any sales and marketing activities that require you to use direct email to contact clients or prospects. GDPR limits you to distributing email campaigns only to those who have "opted in" to receive your information, and you'll need to maintain a record of how and when those individuals opted in. Each year, you're required to reconfirm that these individuals still want to receive information from your company.

What are the penalties for non-compliance with the new rules? You can be fined 4 percent of your company's global revenue, or around $25 million (€20 million)—whichever is higher.

Tip 2: Use all available tools

You may find that previous standards of security, compliance, and performance haven't kept up with your need for agility in a climate of digital disruption. Your unprotected firmware, without appropriate infrastructure security, has already become a target of malicious exploits. But vengeful actors aren't the only security threats—human error can also cause unnecessary havoc for your systems as you strive to stay in compliance with GDPR.

Fortunately, there are helpful resources at your disposal. HPE provides bundled software solutions that perform data assessments to automatically encrypt information subject to GDPR regulations. This automated process can significantly speed up the evaluation of both structured and unstructured data, which had previously been a manual process often subject to human error. Additionally, the new HPE infrastructure stack complies with NIST 800-53 controls, aligning your servers, storage, and networking with GDPR regulations all at once.

Innovations in server protection, malware detection, and infrastructure security will also help you adhere to GDPR requirements. The latest servers from HPE tackle the infrastructure security issue by performing a secure memory encryption that enables all or a portion of memory to be encrypted for data protection. Plus, Integrated Lights Out technology inside an intelligent microprocessor provides firmware performance via routine health checks.

Tip 3: Involve stakeholders

Perhaps the most important thing you need to do is to establish accountability and governance within your organization. Your management team needs to understand the significance of your company's adherence to GDPR. It will be critical to your success to have their participation, alongside a director or vice president who has direct accountability. A framework that includes scope of impact should be created to inform all stakeholders and actively involve them in your process.

GDPR is a broad change and cultural shift in the way your organization processes confidential information. As such, your team needs to communicate with employees and train them on the basics of it. But your compliance with the regulation will require regular maintenance—which means regular audits of data management and infrastructure security to remain compliant.

Meeting GDPR requirements is an ongoing challenge. But with consistent diligence in project management, inspection, and maintenance, plus commitment from all stakeholders, you'll find that you never have to question your approach. And soon, you'll see you're just starting to discover the strategic benefits that catching up with data privacy regulations can bring.

Meet Infrastructure Experts blogger Kate Stanton Whalen, IT Journalist

Kate was introduced to the world of IT at Digital Equipment Corporation (DEC) in the early 1980s, when DEC was a trailblazer in scientific, modular computing. There, she learned to merge her creative nature and love of the English language with the discipline of business communications. Her experiences at DEC, Compaq, and HP/HPE, as well as four New England-based communications and marketing agencies, enabled her to build a broad skillset in a variety of marketing and communications fields including event management, video production, brand stewardship, and social media marketing.

About the Author


Our team of HPE and other technology experts shares insights about relevant topics related to artificial intelligence, data analytics, IoT, and telco.