GDPR: What are data protection companies doing


The Big Picture: How are data protection software and hardware vendors dealing with GDPR? As a prospective buyer of technology, what should you consider when shopping vendors and comparing their solutions as they relate to GDPR? Watch this short video to find out.


- Hi, Dave Littman, Truth in IT, joined by Christophe Bertrand, Senior Analyst with Enterprise Strategy Group. Christophe, welcome.

- Hello, Dave. Glad to be back.

- Alright, hey, we're tryin' to get to the bigger truth about GDPR, and one of the questions I had was what you're seeing out there today, Christophe, in terms of the data protection companies, and whether or not they are making any specific provisions for GDPR, or whether you're seeing certain vendors really take the lead in that role. You know, without naming anybody, but just curious to what you're seeing out there.

- Yeah, so there are, absolutely everybody's talking about GDPR, and they've found out they really should be, because, of course, customers and users have lots of questions about, "Hey, how does backup fit in GDPR? "Can you help me be compliant?" Or, "Aren't backups a problem", because there's this right to be forgotten, and can you really forget someone if it's got years of backups of that data. So, the answer is very interesting. You look at the landscape, lots of different approaches. The vendors who happen to have data classification type of tools, or are working with partners that do that, are probably in very good shape to start with the answer, simply because you wanna know where the private data is that you want to protect or eliminate, depending on the circumstances for, again, to comply the privacy requirements set out by GDPR. The other aspect is email, which is a very interesting topic because it turns out that it's not just data that's on stored systems or end points, whatever the case may be, it's also data that goes through your email, and sometimes it's a photograph, it could be just an email address, by the way, is a PII, personally identifiable information, that falls into GDPR. So you can imagine, just look at your own email. How much data that you've used that you've probably been exchanging with a number of vendors that are exposed to, or have to comply with, GDPR. So, having a good set of archiving tools, as well as metadata detection and classification, filtering type of tools is important. And, last by not least, big CRM systems. I can think of one that leads the market now. There are solutions that are emerging, around GDPR specifically, to mask the data, to find it, to also create pseudonyms, as needed, so that your name or your personal information cannot really be easily recognized without having the key to it. So lots and lots going on, and I think that you are gonna see a very vibrant ecosystem in the next few years, as more and more integration happens, more and more partnerships happen, and it's necessary. No one has the full answer, and it's gonna be a very long, long road, and certainly a good one for a number of consultants out there.

- Yeah, I bet, I bet. So, what you're saying is that there is technology involved but that there is also a real decision-making process that must be made on the part of the buyer to get a feel for the type of ecosystem that these vendors have to help provide a full solution?

- Absolutely, and the thing is for end users, they first have to do the work sort of inside themselves. What, how do they wanna organize, and that's why you have the data protection officer as an important role in GDPR. That's a requirement. And based on what they already have, and looking at the various vendors' ecosystem, they can start figuring out how to tackle this. And, we've seen the constant piece of it being addressed. In other words, the all of these opt-ins, that, all those emails you've received wasn't really from all of these social media platforms, now that's GDPR right there. And, of course, other e-commerce, and I've got a least 20 in my inbox, and it's all GDPR driven, but that's just the tip of the iceberg. I haven't called anybody yet to get information about to know what they knew about me, or has to be forgotten, but maybe I will try and tell you how it went. I think it's gonna be a very long road for many vendors to get that full story, maybe they shouldn't, maybe they should just focus on what they do, focus on data protection. We're seeing a lot more movement towards data management, where that's matter about the contacts, the data, you're protecting, and definitely I think that that combination and a general evolution of the market, with the partnerships in ecosystem is gonna be what the ultimate play is. No one has just the full answer, at least today. And remember, a lot of it is about processes and internal processes too, so it's not just technology.

- Okay, fabulous. Well, Christophe, we appreciate it. Thanks for takin' the time to come by and speak with us, and let's have you back again soon. I think we'd love to talk a little bit about GDPR and ransomware, and how those two connect, so we'll have ya back for that. Okay, great. Alright, Christophe, thanks again. Thanks for watching. Alright.