Data Center Journal

VOLUME 55 | APRIL 2018

By May 25, 2018, all organizations that market goods and services to European Union residents must be in compliance with the EU's new data-protection laws, aka the General Data Protection Regulation (GDPR). Designed to provide individuals more control over access to their personal information, the GDPR mandates organizations with an EU presence to comply with rules covering management and protection of certain consumer data they possess. These rules require organizations to obtain consent before processing data, report data breaches and safeguard data transfers across borders. Failure to comply with the GDPR can lead to fines of up to 4% of the organization's global revenue.

It's critical for data center operators to track—in their physical IT infrastructure—where the data resides, how it's transported from storage to the server and to the end user, and who has access to and can interact with that infrastructure. IT teams are fully aware that the physical security of the data-processing infrastructure is as critical as the digital management of their assets. Since the physical infrastructure extends beyond an organization's data center and into colocation facilities, managed-service providers, hosting services, SaaS vendors and virtually any XaaS vendor, it makes sense that GDPR holds organizations accountable for proper compliance regarding the personal data at their disposal, regardless of where it resides.

More importantly, to reduce risk, organizations must actively manage their vendors' security framework with regard to the data and be fully aware of the infrastructure used as well as how data is stored and treated. Organizations can expedite GDPR compliance with a data center infrastructure management (DCIM) software solution for tracking the data's location in the physical infrastructure, as well as individuals who have access to the data and how the data is transported.
Using a DCIM solution, organizations can ascertain the following:

• Critical data location from devices to network, servers and storage
• Data breaches as they occur
• Geographic locations of replicated data
• Security tools deployed and enabled on identified devices
• Secondary locations of infrastructure for safe handling and transportation of data across borders

Furthermore, a DCIM solution can also help organizations meet the requirements of specific GDPR articles, including the following:

• Data Protection Impact Assessment (Article 35): A DCIM workflow feature can capture asset and application names indicating whether the system is running or hosting customer data. It can also offer the ability to assign a data-protection officer's review activity in any IMAC data center process. Organizations can use an asset-management and asset-integrity monitoring feature to easily track data at rest and the infrastructure used for that data—and obtain a GDPR report of all workflows with a GDPR activity and determine whether they're active or closed.
• Right to Erasure, or "Right to be Forgotten" (Article 17): A DCIM asset-management feature can help the controller flag/track the life cycle of all assets used for storing or processing the information of "data subjects" (individuals or customers). Tracking can extend from the point of existence in the physical computer infrastructure to decommissioning or destruction, providing visibility into a complete life cycle of the data's physical location.
• Investigative Powers (Article 58): Using a DCIM asset-optimization and tracking-support feature, organizations can easily provide compulsory data-protection audits when needed.
• Activity Reports and Data Breach Notification to Authorities (Articles 59, 33 and 33a): A DCIM impact-assessment report can provide a list of assets that are flagged for GDPR tracking, showing the tracked assets' location and status (whether active or decommissioned), as well as their rack, name, IP address, data last audited, mapped business applications and more.
• Transfers on the Basis of an Adequacy Decision (Article 45): A DCIM solution can provide visibility into life-cycle tracking, including accountability and compliance visibility and reporting.

With the May 25, 2018, GDPR-compliance deadline fast approaching, it's imperative for organizations processing personal data—either in the EU or working with companies in the EU—to have in place a thorough GDPR-compliance plan that integrates a DCIM solution. Doing so will not only safeguard their brand from high risk factors but also help avoid hefty violation fines.

