Leading Edge Blog



General Data Protection Regulation: Compliance through the Commvault ContentStore

Gérard Lüchinger - 01.03.2018




Utilizing Commvault software will help your business to respond to and comply with the requirements of the European General Data Protection Regulation (GDPR). Let us explain how to achieve this and what tools you should employ. The Commvault ContentStore offers a number of suitable software tools for this purpose. 

The General Data Protection Regulation provides enhanced data protection for persons living in the European Union. It will come into force on May 25, 2018. After this date, any organization processing or administering data from people residing in the EU must comply with the GDPR. Potential penalties in case of violations can cost millions.

 

How Commvault helps you comply with the GDPR

Commvault offers features to meet many of the obligations required by the GDPR. These functions are supported by the underlying framework of the Commvault ContentStore.

CommServe software and ContentStore: The CommServe software serves to manage and protect end-user data and data privacy. ContentStore is the framework supporting all products and functions; it has been developed to standardize data administration processes and to facilitate greater and seamless control over business data through various interfaces.

Web Console: The Web Console enables end-users to access and manage any of their data backed up with ContentStore. Administrators can configure the Web Console to enable end-users to autonomously delete their backed-up data from ContentStore.

Content Analyzer: Content Analyzer is the engine used to extract named entities from data objects in ContentStore or Data Cube. Labeled entities may contain personally identifiable information (PII), such as national identification numbers, credit card numbers, phone numbers, email addresses, etc. The Content Analyzer package includes several built-in types of named entities that are commonly considered PII. You can also create custom named entities based on regular expressions and incorporate these custom entities in your business workflow.

Data Cube: Data Cube enables users to connect different data repositories in their IT infrastructure into a single interface. Data Cube includes several native connectors for a variety of common sources of data, including databases, file shares, websites, popular customer relationship management (CRM) platforms like SalesForce and Eloqua, and more. Data Cube is fully integrated with Content Analyzer to provide seamless discovery of personally identifiable information (PII) in your data sources. It comes with a built-in report that allows you to view and assess the potential level of PII exposure in your data sources.

Content Indexing and Compliance Search: Compliance Search is a search interface that enables you to query all of your documents in ContentStore and discover data objects that require attention. Advanced search options make Compliance Search a powerful tool for complying with legal requests for information or eDiscovery. Users can also search for named entities discovered using Content Analyzer directly from Compliance Search for easier identification of personally identifiable information.

Deleting archived and backed up data: Under certain circumstances, the GDPR entitles individuals to have their personal data deleted from operators' or third-party repositories. With Commvault, administrators can delete data from backup or archival media to comply with such requests. They can also configure the software to enable end-users to delete their own data directly from the Web Console.

 

Support for your GDPR Compliance 

The following Commvault products and features can help your organization meet the requirements of the GDPR, including the data rights of EU residents.

 

Right: Breach Notifications

Description: If an EU resident's personal data becomes compromised due to a data breach, organizations are obliged to notify the affected individuals within 72 hours.

ContentStore Features: Compliance Search enables you to search all of your documents in ContentStore to discover any data objects that require attention. Data Cube extends this functionality to different data repositories in your environment.

Alert features contained in the CommServe software notify administrators about data activity in ContentStore. Administrators can also monitor data operations at a granular level using the Audit Trail feature in the CommServe software.

The security features included with Edge endpoint solutions, including DLP, Secure Erase, and laptop backups and restores, enable you to perform impact assessments of endpoint assets that can become lost or stolen.

Right: Right to Access

Description: EU residents have the right to know whether or not their personal data is being processed by an organization and for what purpose. Furthermore, the organization must be able to provide an electronic copy of the data upon request.

ContentStore Features: Content Analyzer identifies personal information within the contents of data managed by ContentStore. You can use the Compliance Search interface or Data Cube to discover and report personally identifiable information (PII) belonging to affected persons.

Right: Right to be Forgotten

Description: EU residents may ask an organization to delete their personal data if the data is no longer relevant to its original purpose or if the residents wish to withdraw their consent to allow the organization to process their data. The right extends to possible third parties that might be in possession of such personal data.

ContentStore Features: The CommServe software supports deleting data from ContentStore. Administrators can browse or search the data in ContentStore and remove it from the backup or archival media with a simple delete operation.

Right: Data Portability

Description: EU residents have the right to receive their data, processed by an organization, in a convenient format. They also have the right to transfer their personal data elsewhere.

ContentStore Features: Web Console enables end-users to access their data in ContentStore and download any backed up data to their computer. Compliance Search extends this functionality to the enterprise level and enables exporting data in a variety of formats.

Right: Privacy by Design

Description: Organizations that process EU residents' data must plan for data privacy at the beginning of all design projects. In other words, the requirements of the GDPR must not be an afterthought for organizations. Organizations must only process data essential to the organization's tasks.

ContentStore Features: ContentStore is the framework that supports all of the products and features of the Commvault platform. ContentStore was built with the goal of data management, user privacy, and other GDPR stipulations in mind. The core operations provided by ContentStore include data backup, diverse restore functionalities, and user security.

 

 

Source: Commvault (2018)

 

UMB is a Commvault Marketbuilder Partner. Contact me now with any questions regarding Commvault.

 

Additional resources:

GDPR Support with Compliance Apps
GDPR Solutions from Commvault

GDPR Sample Reports from Commvault
European Commission GDPR Website