However, with time, some hindsight, and some brutal honesty we found a very practical, quick route to meeting compliant dates, operational use, and some fairly tight budgets for what previously looked like a horror show.
The attitude of many organisations is one of information hoarding; retaining information is a comfort blanket should it be needed in the future. It is true that there are reasons to retain information (regulatory is just one) however, more often than not, data retention extends well beyond what is required. Data should be recognised as expensive and a risk to the business; the more data stored, the higher the risk and likelihood of being fined.
There are two questions organisations should be asking themselves:
1. Do we really need everything in the live production that’s years old?
2. Do we know the breakdown of types of files because pictures and media files are near impossible to classify accurately?
80% of the GDPR issues just disappear with the delete key! And if you don’t use GDPR as a reason to start this data deletion you never will.
Many would see deleting data as a scary and extreme option and a risk in itself. This is why next-generation Data Archiving, as a soft delete, provides an interesting solution to GDPR problems. What is Data Archiving?
1. Reduced cost of primary data storage: free-up space in expensive active databases by moving older data, not needed for everyday business operations, to a more cost-effective long-term storage device or platform.
2. Faster backups and recoveries: removing data from active databases reduces the volume of data that must be backed up, time to complete backups and restoration time.
3. Improved performance: by reducing active data, retrieval is quicker and overall performance is increased.
- Invest in a next-generation archive solution that is GDPR ready with API’s to search for GDPR data.
- Go aggressive on deleting data from the production environment (you have an archive anyway, so its a soft delete).
- Invest in a data classification tool that uses AI to drop similar documents into buckets, and then name the buckets (the less data you have, the quicker & cheaper this is).
- Use the classification tool to show you GDPR data, the owner, and who has access rights. You will quickly be looking at non-GDPR data that really shouldn’t be available to the whole company!
- Pass the tool to department leads so that departments manage their own data.
- Get a ‘right to be forgotten’ request – search the live data set and take appropriate action. Have workflow to get IT to use the archive API to delete data.
- Get the annoyed user that complains he has had a file deleted? Restore it in seconds.
Rubrik is the market leader in Cloud Data Management. They accelerate GDPR compliance with a centralised platform that protects, manages, and monitors data across all environments, helping to simplify the process with automated retention and archival policies.
Rubrik’s archival solution allows you to easily manage long-term data retention across on-prem storage, the private or public cloud. While retaining instant access to archived data with real-time predictive search. Book a WebEx demo to find out how Rubrik can help reduce your GDPR risk…