Introducing the Veritas School of Witchcraft and Wizardry for GDPR
This week I had the opportunity to sit down with some of our in-house General Data Protection Regulation (GDPR) technical experts, and for three days my brain was assaulted by all manner of classification identifiers and regular expressions. It didn’t take much to picture my mentors in cloaks, sipping steaming potions while cackling away in a strange language.
At Veritas, we are used to solving complex customer problems using smart software – it’s what we do. With the evolution of data protection regulations such as GDPR, it’s become clear that the problems faced by our customers are becoming more complex, hence we’ve had to up our game to stay one step ahead.
One of the biggest challenges facing customers preparing for GDPR is how to identify and locate personal data which is the first stage to becoming GDPR compliant.
I’d like to share an example of how we identified and located personal data in our test lab with Veritas Data Insight, using the following steps:
- Before you can find personal identifiable information (PII), you need to define what exactly qualifies as personal data within the business.
- Using this list of potentially PII, the next step is to build the classification policies that will tag data for identification and control purposes. First, we created the appropriate tag in the Veritas Classifier engine - in this example we want to tag Employee-PII.
- Next, we need to configure the Information Classifier to look for patterns that will identify items as Employee-PII – in other words look for employee IDs, email addresses and other custom properties as determined by the business. When 4 properties in the list match, the data will be tagged as Employee-PII.
Once the data is tagged, you can perform various actions to satisfy not only GDPR, but also the data will no doubt be more useful now that it is enriched with tags like; Intellectual Property, Confidential, Attorney-Client Privileged, Stale, Orphaned and Contract.
Without knowing what personal data you are holding within your organisation you stand no chance of becoming compliant. Attempting to do a similar exercise on many terabytes of data without the power of a classification engine is simply impossible – your data will remain dark. What are you waiting for? Bring on the Veritas “Lumos Maxima (“Great Light”) and light up your Dark Data! To find out more about Veritas’ GDPR solution click here.