Monday, October 10, 2016

How the new EU General Data Protection Regulation will impact organizations

The new EU GDPR will come into effect in May 2018. It will be a bigger issue than expected and understood, and it is the law.

One key question will be what personal data is, where in all our systems it has been stored, and for how long. Do we know where the user's personal data is, and are we even able to find personal data in our data mass? Do we have personal data only in managed data, such as applications and databases, or do we also have personal data in unmanaged data? And honestly, can someone explain what unmanaged or dark data is, whether we have it, and how much?

The short answer is yes, you have it, and usually a lot. Veritas used the term Databerg, like an iceberg: you will only see the 10%, and the rest is in the dark, beneath your eyes and understanding. It is historical data, data where policies and controls have failed.

You have just deployed new tools but not migrated or deleted the old ones (yes, deleted). Normally a corporation backs up end-user workstations to the local file server, which is then replicated to the central data center and then stored on backup tapes. And this happens for the same file on multiple users' computers: backed up to the local branch office file server, backed up to the centralized data center, and included on the backup tapes. And for sure it is also in email and PST files, backed up the same way as file and email backups. Sounds familiar?

If not, I don't believe it.

And based on the above, what if a customer, or you as an employee, wants to be forgotten? How do you ensure that your yearly reviews, or saved log files from an authenticating proxy, will be deleted and not restored from backup in a crisis, when the systems go down and your data comes back into the system and becomes visible? An IP address is personal information here, showing that you as an individual have tried to connect from your PC to the Internet, regardless of whether the target was against corporate policies.

"All comments are my own"


Read more: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

To Be Continued
