May 25, 2018 is approaching quickly. This is when the grace period for the GDPR (General Data Protection Regulation) is over and an organization may be penalized for non-compliance. Just like any company that does business with EU customers, Veeam needs to be compliant with this regulation, especially considering we are a global, Swiss-headquartered company.
Over the next weeks, we will guide you through the steps and effort that Veeam has been taking, and continues to take, to ensure compliance. This is and will be an ongoing process that does not stop on the 25th of May. Our expectation is that these activities will continue as part of our ongoing business model. These efforts have included legal consultation, regulatory consultants and internal research. As our contribution to the community, we believe it will be valuable to share our learnings and knowledge with you in a series of posts over the next few weeks.
Besides becoming compliant ourselves, we also have the privilege as a company to talk to our 270k+ customers on a regular basis. One thing is for certain: each organization is unique and will require a slightly different implementation. Depending on how your organization is collecting personally identifiable information (PII), your journey to GDPR compliance will differ from other organizations.
Why GDPR?
At Veeam, we believe this is a welcome change. The predecessor of GDPR, the DPD (Data Protection Directive), was created in 1995. At that point in time there were no smartphones and the internet was only emerging as a mechanism to disseminate and collect information. I already discussed this in one of my previous blogs.
Technology will solve this?
Unfortunately, this is a statement we have been hearing a lot. It is not true. Technology alone will not bring compliance. Only a combination of workflows (or processes), internal education and joint work between different departments will ensure compliance. However, it is true that technology will play a significant role in this journey.
GDPR at Veeam: 5 lessons learned
As you follow the Veeam journey to compliance, it is important that you understand we are not saying we have all the answers. This should be considered a general guideline with helpful tips that you can use in your journey.
We have categorized our learnings into 5 basic principles:
- Know your data
- Manage the data
- Protect the data
- Documentation and Compliance
- Continuous improvement
Conclusion
Over the next weeks, we will go deeper into the different topics and share some tips and practical information about the 5 principles with you on this blog. We will also share 2 whitepapers with you that contain additional in-depth information about Veeam’s journey to GDPR and the 5 lessons learned.