Network visibility and assurance for GDPR compliance

The EU General Data Protection Regulation, or GDPR, came into force on May 25. With every organization with customers and suppliers in the European Union now accountable for the way in which they handle or process personal data, much work has been done to ensure compliance by the deadline. As a result, all levels of a business are now concentrated on meeting the requirements of the new regulation, throwing the issue of data protection into focus like never before.

When you consider how big and complex IT networks have become in recent times, however, it has become almost impossible to detect just when and how a security breach or network failure might occur. Unsurprisingly, network security and information assurance are crucial to GDPR compliance, with the regulation stating that measures must be put in place to mitigate the risk associated with assuring information integrity and availability in the face of threats such as malicious code or distributed denial of service (DDoS) attacks.

It is therefore essential that businesses worldwide have complete visibility of their IT networks, not only to protect their customers’ personal information (and thereby their own brand reputation), but also to assure uninterrupted service delivery and, of course, compliance with the new legislation.

In addition to calling for the “pseudonymisation and encryption” of the personal data they handle, Article 32 of the GDPR also states that companies must “ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services” and be able to “restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”.

Given the size of the penalties for non-compliance, it’s more important than ever that organizations take steps to minimise the risk of network downtime, or else they could find themselves on the wrong side of the regulations.

Since the information protected by GDPR and other similar regulations traverses the network in the connected world, the availability, reliability and responsiveness of this need to be assured. This isn’t only important for GDPR and compliance in general, though; it should be a top priority for any business today.

From banks to retailers, and manufacturers to utility providers, organizations across every industry are now reliant on consistent, always-on connections to their customers, partners and suppliers. If this connectivity is to be removed, business could grind to a halt. Indeed, future of any company today depends on the resilience and availability of its IT and communications networks.

Network visibility for service assurance

Regulations such as the GDPR, PCI-DSS and HIPAA define the types of personal data that may be collected and recorded by a business, such as personal email addresses, phone numbers, IP addresses and credit card information, health records as well as where that data can be sent and how it should be secured and assured.

Since GDPR also restricts cross-border data transfers, it’s important that networking teams understand the country of origin of any particular data, and how that data will traverse the organization’s networks, remaining mindful of which paths it will take and where it will be stored.

To assure and keep track of this information, therefore, businesses will require full visibility across their entire network, including in the data centers and – now, more than ever – the cloud. This holistic visibility across the entire service delivery infrastructure – from the wireless Edge to the Core to the datacenter and into the Cloud – can be achieved by continuous end-to-end monitoring and analysis of the traffic data, or “wire-data”, flowing over the network.

With GDPR compliance, and Article 32, not to mention much of modern business activity, reliant on the availability of effective, resilient and secure infrastructure, it’s important that the right approach is taken to service assurance. Analysis of this wire-data in real-time will enable IT teams to generate smart data which can provide the end-to-end service-level visibility and actionable insights they need to deliver this assurance.

Avoiding potential penalties

Under the GDPR, any organization that processes the personal data of EU citizens, including the tracking of their online activities, is now within the scope of the law, regardless of whether or not that organization is located in the EU itself. Many column inches have already been dedicated to the fact that any company found to have neglected its duty in protecting the privacy of that data may be liable to a potentially eye-watering fine of up to €20 million or four percent of its annual turnover, whichever is higher. While the privacy and protection of personal data have always been important considerations for a business, the prospect of penalties such as this mean there is more at stake now than ever before.

However, with robust protection measures in place, and with the assurance of complete network visibility and availability, businesses across the world can be more confident that the reliability of their networks is a check on the GDPR compliance list.