Since the introduction of the EU General Data Protection Regulation in May 2018, all companies that collect, store, and process personal data need to be compliant – or suffer heavy fines and reputational damage. According to the Cisco 2022 Data Privacy Benchmark Study, 91% of organizations consider privacy to be a business imperative. Many have invested in security measures to protect the data in their operational systems. But with a great deal of data stored on outdated legacy systems, how can a business protect its historical data against cyber risks if system maintenance is no longer available?

What’s more, GDPR isn’t just about data protection. Individuals – such as customers or employees – have the “right to be forgotten” and can demand the erasure of all their personal information. How can companies delete the data if they don’t have a complete data inventory and don’t know where the data is stored? This blog helps to shed light on the answer.

The Problem: Outdated Systems and Inadequate Security

GDPR requires continuous protection and management of the entire lifecycle of collected personal information. It also stipulates that people have the right to know what personal data is collected, correct any errors in their data, object to or limit processing, or erase their personal data entirely. This means companies have an increased responsibility when it comes to data protection and data privacy. Those that breach the GDPR can face fines of up to 4% of annual global turnover or EUR 20 million, whichever is higher. Besides the financial penalties involved, a violation of the GDPR can lead to huge reputational damage and diminished customer confidence, which can take many years to recover from, if at all.

The problem faced by many companies is that a lot of data is stored on outdated legacy systems with limited functionality, where there may not even be the option to press the delete button. On top of this, these systems are inadequately protected against cyber-attacks, due to weaknesses in the system design and the lack of system maintenance options such as system upgrades and patches. Managing data on legacy systems can therefore be extremely costly and risky, bordering on impossible.

The Solution: End-to-End Data Retention Management

With end-to-end retention management, all the data and documents – in varying formats and from all kinds of legacy systems – are extracted and transferred to a secure platform, where they are stored together with their business context and managed in one standard format. The relationships between the various data are retained and all the information about any one person can be identified at the push of a button.

The JiVS end-to-end retention management solution provides all the functions companies need to meet the requirements of EU GDPR:

•  Maximum protection against cyber risks thanks to the latest security technology.
•  Management of data according to retention rules to ensure compliance with legal retention periods.
•  Detailed inventory allowing easy identification and erasure of all data relating to an individual.
•  Fully auditable data lifecycle through to documented deletion.
•  Double-checking function to prevent accidental or premature deletion.
•  Legal-hold function to suspend the deletion of data in case of lawsuits.
•  Interfaces to legacy systems from multiple providers such as Baan, Microsoft Axapta, Oracle ERP, SAP, and PeopleSoft.
•  Support for popular database management systems including IBM Db2, Oracle Database, Microsoft SQL Server, and SAP IQ.

 

By historizing data on a neutral, secure, and modern platform, companies can meet all the GDPR requirements, protect their reputation, and avoid hefty fines. Become GDPR-compliant with JiVS today. Contact the experts at DMI to find out more.

 

Author: Tobias Eberle, Group Chief Revenue Officer