Johan Scheepers, SE Director MESAT for CommVault in South Africa

By Johan Scheepers, Systems Engineering Director for MESAT

There’s no doubt that May 2018 will be remembered in business and technology circles as an important milestone in the evolution of data protection legislation, usage and public impact. The implementation of GDPR in Europe on May 25th effectively introduced a law with an international reach: its aim, supporting the rights of individuals and providing a best-practice framework for enabling the continued and sustainable growth of the digital economy.

The first five months of 2018 were framed by an ‘Armageddon like’ count-down to May the 25th with companies, employees, members of the press and third-party consultancies all hypothesising quite what GDPR would mean from both theoretical and practical perspectives.

The question however is how far and deep companies have gone in their compliance efforts in preparation for May 25 2018, and effect are those processes and workflows now we are in May 2019.

According to a Commvault poll conducted at Data Protection World Forum in November last year, strict regulation such as GDPR was actually welcomed by the vast majority of respondents, highlighting that the process would lead to improved cross business function data-hygiene, and ultimately provide a more transparent view of the data (and its value), held by an organisation.

One year on from its implementation, the bruising barrage of fines and thousands of ‘Right to be Forgotten’ requests have broadly speaking been avoided. While the short-term regulatory storm may have been avoided, and the mandatory GDPR ‘box’ ticked, businesses focus have meanwhile shifted elsewhere. This however, leaves questions as to how far and deep companies have gone in their compliance efforts, now that the public spotlight is elsewhere.

The last 18 months have seen a raft of new ‘solutions’ flood the market, often claiming to be the silver bullet for GDPR. The fact of the matter remains however, that there is no one size fits all solution that you can plug in and simply press ‘go’, to solve all the regulatory requirements associated with GDPR.

There are however, solutions available like Commvault Activate and Commvault Orchestrate that allow the more effective identification, indexing, sorting and management of data in ways that enable organisations to more easily meet ‘Right to be Forgotten’ requests or provide notifications and visibility around data breaches – all of which are key components of GDPR.

Stefan Hellweger, Head of IT at the South Tyrol Civil Protection Agency has been using Commvault for just this purpose.  With 210 employees and 19,000 volunteers the agency responds to thousands of requests for assistance every year – from fires and avalanches, to road accidents and earthquakes.

The Alpine region’s population of 500,000 people is swelled by millions of visitors every year who enjoy a range of outdoor activities, and this results in a massive amount of created and managed data. Data that since May 25th 2018, all falls directly under regulatory requirements now governed by GDPR.

“With Commvault, we can quickly and easily search for personal data stored on physical and virtual servers as well as backup files,” said Hellweger. “It has accelerated our response to GDPR requests and improved governance and transparency.”

As we approach the first anniversary of the inauguration of GDPR and review the present state of the regulatory landscape (and associated attitudes), the key take away for us all should be this: regardless of shape or size, it remains of vital importance that organisations continue to take stock of how GDPR is evolving; reflect on how far they have come in their own compliance efforts over the last 12 months; and seriously consider how far they (in some cases), still have to go.