In less than 100 days, the grace period for businesses to become compliant with the General Data Protection Regulation (GDPR) will end. While the GDPR might be an EU regulation, its impact is guaranteed to be felt by all organisations that conduct business with the EU.
This guest blog was contributed by Raymond Goh, Head of Systems Engineering, Asia & Japan at Veeam Software.
Asia represents an active and growing market for the EU.
ASEAN, in particular, is the EU’s third-largest trading partner outside of Europe, and has been recognised for its high growth potential, with EU companies investing an average of €19 billion annually in the region.
- Check for any personally identifiable information (PII) of EU residents
- Manage Sensitive Information
- Protect your Data
Strong business relations between the EU and Asia highlight the importance of the GDPR to all Asian organisations, and the clock is ticking for corporations to ensure they meet the stringent criteria before 25 May arrives.
GDPR compliance looks different for each company, as each company is unique, but below are three tips to get you started.
1. Check for any personally identifiable information (PII) of EU residents
Determine if your organisation has any sensitive data of EU residents.
PII refers to any data that can be used to identify an individual.
While your first thought might be information such as names, contact numbers and email addresses, PII also encompasses IP addresses, location data and more.
As the GDPR deadline approaches, organisations should take this opportunity to reevaluate their processes and improve data privacy and security.
Beyond knowing, managing, and protecting your data, enterprises should also keep a firm hand in documenting processes and reporting any breaches to comply with the GDPR.
In the rapidly evolving digital world we live in, it is now more pertinent than ever for corporations to constantly review and improve their processes.
The GDPR has also put in place even stricter regulations for sensitive PII, which includes race, religion, ethnicity and more.
Be aware of such data and know who has access to it.
If your enterprise deals with multiple businesses around the region, consider investing in technical solutions that can gather and analyse data efficiently and accurately to streamline the process.
2. Manage Sensitive Information
After identifying the PII your organisation owns and who already has access to it, establish clear processes on the usage of such data.
This is important as the GDPR requires organisations to declare what data they are collecting, why, where the data is used, and how it is being stored.
Careful handling will ensure transparency and clarity in all processes.
Some templates for easy management can be found in Veeam’s recent white paper that talks about our experience in ensuring GDPR compliance.
3. Protect your Data
With the continued sophistication of malware, such as the latest Scarabey ransomware, which threatens to delete your files until you pay up, it is now more vital than ever for organisations to protect their data.
Air-gapped backups are “offline” backups that cannot be manipulated or deleted remotely, an improvement on the original 3-2-1 rule with an additional 0.
Having a sound protection plan in place ensures companies do not risk losing their data and can quickly recover important systems.
