Plan now for the EU's privacy regulation revolution, says HPE exec

The EU's personal data protection laws don't change until May 2018, but HPE is launching its compliance tools now

The cost of complying with the European Union's General Data Protection Regulation might seem like something best deferred until it enters force in 2018 -- but working on compliance just might boost profit, not reduce it.

The GDPR, the EU's latest rewrite of its data privacy laws, doesn't enter effect until May 25, 2018, but already IT companies are talking up their software and services for complying with the new rules.

It's not just an issue for EU enterprises: Any company processing the personal information of EU citizens is affected.

What those companies can do with that information is more tightly controlled than before. Collection and processing of sensitive information is only allowed if the person concerned opts in, unless the information processing is necessary to fulfill a contract or to protect the person's vital interests.

That contract fulfillment provision isn't a catch-all, either: If someone wants to buy a pair of sunglasses online, you can't insist that they tell you their shoe size, for example, before accepting their order. The data collection has to be necessary.

Businesses not only have to protect their customers' data, they have an obligation to tell them if they slip up. Data breaches that pose a significant risk to those concerned must be disclosed within 72 hours.

The cost of not complying could be high: a fine of up to €20 million (US$22 million) or 4 percent of worldwide revenue, not to mention the resulting decline in customer confidence.

One of the GDPR's requirements would be a sensible first step for many businesses even if it weren't mandated: For companies to classify all the data they hold that falls under the new regulation.

That one step could be a money-maker, rather than a money pit, according to Joe Garber, Hewlett Packard Enterprise's global vice president of marketing for information management and governance software.

"Once you get your data in order, once you get insight into your information, then you can mine that information for value, strategic information about what your customers really want."

There's also scope for cost savings on a number of fronts.

By moving their data into a central, searchable repository, businesses may find they can retire older applications. "We've had customers shutting down thousands of apps," Garber said.

And in examining that data, they may find they're better off not storing it at all. "Some percentage of that information won't have value for the organization, and at $20 per gigabyte for its lifecycle, it has a cost."

So is evaluating which information falls under the GDPR going to be a make-work project, as thousands of terminal operators repeatedly choose to "protect," "ignore" or "delete" as they click through customer records and email files?

Well, no. To start with, it's pretty obvious that a database of email or physical addresses, or credit card numbers, is going to be sensitive information, so much of that process can be automated.

"The big deal is unstructured information. It requires context," Garber said.

HPE, like a number of other companies, already has software tools that can make this kind of assessment, looking out for clues in email or other records that indicate the presence of credit card or bank account numbers and the like.

On Thursday, HPE began explicitly packaging some of its existing tools as solutions to particular GDPR compliance tasks, a move that will simplify matters for worried customers -- and perhaps bring HPE a little extra revenue in the run-up to 2018.

Its Personal Data Assessment tool will automatically identify information that falls under GDPR rules, while Secure Content Management will apply the appropriate policies to the data once assessed. It even has a Litigation Readiness and Response tool for dealing with investigations and lawsuits.

The portfolio is modular, leaving companies free to pick and choose whether to buy some elements elsewhere or to roll their own regulatory response.

Whoever businesses intend to hand the GDPR compliance tasks to, Garber thinks they should start right away.

"Many of these solutions will take some time to set up," he said.

And with a potential €20 million fine riding on the outcome, "If they wait until 2018 to switch the technology on, it will be too late," he said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Peter Sayer

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?