Using real-time data management to drive GDPR Compliance

Today’s cloud applications are highly contextual, massively scalable, always-on, distributed across data centers and geographies, and able to manage data and insights in real time. This means they pose incredible risks for non-compliance with the GDPR and also for hefty, potentially catastrophic fines.

2 USING REAL-TIME DATA MANAGEMENT TO DRIVE GDPR COMPLIANCE Cloud Applications and GDPR The European Union’s new General Data Protection Regulation (GDPR) goes into effect on 25 May 2018 and applies to all organisations that process European residents’ personal data. It’s an update of the 1995 Data Protection Directive and its most noteworthy change is the increase of maximum violation fines from £500,000 to up to 4% of a company’s global turnover or €21 million (whichever is greater). Today’s cloud applications are highly contextual, massively scalable, always-on, distributed across data centers and geographies, and able to manage data and insights in real time. This means they pose incredible risks for non-compliance with the GDPR and also for hefty, potentially catastrophic fines. Business and technology leaders tasked with successfully implementing their company’s GDPR initiatives should recognise that achieving GDPR compliance can be a complex project that demands time, skills, and resources. The GDPR in a Nutshell • The GDPR consolidates and strengthens data protection rights for individuals. • Each EU state has supervisory authority. • The GDPR builds on the EU’s Data Protection Directive, adopted in 1995, with additional requirements and penalties, including significantly greater penalties for data breaches (see above). • Each supervisory authority is obligated to investigate complaints. • Every organisation must understand the data it has, whether that data is processed lawfully, and be able to account for what it does and doesn’t do. • Companies with multiple data systems present a massive risk. Legal grounds and privacy notices The GDPR makes legal grounds such as consent more onerous to satisfy. It also changes privacy notice content requirements, meaning organisations will likely need to amend their existing privacy terms or at least review them to ensure alignment with the GDPR. Accountability The GDPR puts greater emphasis on showing