GDPR Compliance Experience

GDPR: 5 lessons learned, Veeam compliance experience shared.

Veeam® is committed to sharing our GDPR compliance experience with you. This regulation is complex and fact specific, meaning each organization’s GDPR compliance program may look different from the next company’s. GDPR is a major update to the Data Protection Directive from 1995, or more specifically 95/46/EC (that’s right, over 21 years between major releases!), and the data-intensive world we live in is significantly different from the world we lived in in 1995. Many people might think that the GDPR is just an IT issue, but that is far from the truth. It affects everyone — not just IT.

We have prepared this white paper as a discussion of how Veeam interprets GDPR as of the date of publication. As a privately held information technology company that develops backup, disaster recovery and data management software for virtual, physical and cloud-based workloads to provide Availability for the Always-On Enterprise™, we have spent a lot of time with GDPR, not only complying with it as a global organization but also in the development of our products.

This white paper should not be relied upon as legal advice or as a determination of how GDPR applies to your organization. We encourage you to do as we did: work with legally qualified professionals to discuss GDPR and how it applies to your organization, and collaborate to build a plan towards compliance. Veeam provides this white paper “as-is” and makes no warranties, express or implied, as to the information in this white paper.

Published in January 2018. Version 1.0

© 2018 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.

Introduction

In mid-2016, shortly after the enactment of the General Data Protection Regulation, or GDPR, Veeam’s executive management team immediately invested in a GDPR compliance initiative. We recognized that GDPR is the new benchmark and global standard that other countries will look to as a standard for data privacy. GDPR is a brand new law and the first law addressing data privacy of individuals since the Data Protection Directive 95/46/EC. It’s a broad, sweeping law and we encourage you to read it, all 260 pages of it, found at http://data.consilium.europa.eu/doc/document/ST-5419-2016-INIT/en/pdf. The first tip we can provide you is to embrace the fact that this is an “evolution”, not a “revolution”, as many of the organizational practices you had in place to comply with the Data Protection Directive serve as the foundation for GDPR compliance.

You will find numerous articles and blog posts talking about GDPR as organizations are scrambling to leverage this opportunity to grab your attention. We here at Veeam think very thoroughly. We have been building software solutions to help organizations like yours operate more efficiently and effectively. Our founders, Ratmir Timashev and Andrei Baronov, founded Aelita Software, a company that provided enterprise network management tools that improved security, usability and control over an organization’s network environments. You can still find these tools in Quest Software’s Windows Management products. Mr. Timashev and Mr. Baronov launched Veeam in 2006, and with our Veeam Availability Platform we enable organizations like yours to ensure Availability for any application, any data, across any cloud. We know data management and data protection, two (2) of the key principles behind GDPR, and we want to walk you through what GDPR means for us and how our products can help you address the key principles of GDPR.

The Veeam game plan is to approach GDPR compliance by addressing the following five (5) principles:

1. Know your data: Identify the Personally Identifiable Information (“PII”) your organization collects and holds, and who has access to it.
2. Manage the data: Establish the rules and processes to access and use PII.
3. Protect the data: Implement and ensure security controls are in place to protect the information and respond to data breaches.
4. Documenting and Complying: Document your processes, execute on data requests and report any issues or data breaches within the guidelines.
5. Continuous Improvement: Keep up with the fast-changing digital world and constantly review and improve your processes and procedures for data privacy and protection.