StorageCraft Update on the Upcoming European General Data Protection Regulation

JANUARY 9TH, 2018
Dear StorageCraft Partners,

Thank you for trusting StorageCraft to secure your customers' most valuable asset—namely, their data. Data privacy is an important aspect of data security, and StorageCraft has always taken both very seriously. Rest assured that we will continue to do so.

As you probably know, the EU General Data Protection Regulation (GDPR) takes effect in late May 2018. As that deadline is approaching rapidly, we want to share with you StorageCraft’s progress in meeting the GDPR’s requirements. But first a little background:

The GDPR is a piece of legislation that was approved in April 2016 and will be effective globally from 25th May 2018. This single, European Union-wide regulation removes many of the complexities that businesses currently face in attempting to comply with the many local data privacy laws across the EU. Currently, each of the EU states interprets the existing data privacy rules in their own way, making compliance across the region complex and expensive. The GDPR seeks to unify EU data protection legislation. It also simplifies many processes and legal obligations for any company dealing with personal data located in more than one EU state.

The scope of the GDPR substantially increases the obligations of any company dealing with the personal data of EU citizens, regardless of whether the company has an office in the EU. If a company processes or controls the personal data of EU residents in offering the company’s products or services, the company is subject to the GDPR. The penalties for non-compliance are substantial and consequently, non-compliance presents a substantial business risk for companies worldwide.
If the GDPR is not a topic in your boardroom, it should be.

StorageCraft’s GDPR Compliance Program

Given the nature of StorageCraft’s business and solutions, we have always strived to be an industry leader in the area of data privacy, carefully implementing processes and procedures for the collection, storage, transmission, security, and encryption of the data we process. As a result, StorageCraft’s existing GDPR compliance posture is already very strong. We are confident that we will meet or exceed all GDPR requirements from the 25th May 2018 date onwards. To that end, we are working very closely with leading data privacy experts in our march toward the May 2018 deadline.

StorageCraft has established a company-wide GDPR Compliance Task Force to ensure cross-department awareness and compliance with the new regulations. The GDPR Compliance Task Force has adopted a GDPR Project Plan in consultation with our data privacy advisors. At present, the Task Force is nearing completion of the data-mapping phase of the Plan. And as the GDPR implementation date approaches, we are also pleased to report that we have been busily providing requested assistance to our customers in fulfilling their obligations as processors and controllers of personal data.

In the coming months, StorageCraft will continue to provide you with updates on our GDPR compliance efforts and with important information on changes to our contract and licensing processes associated with our products and services.

StorageCraft Solutions as a Part of Your GDPR Compliance Efforts

As the GDPR deadline approaches, remember that StorageCraft’s products and services can play a key role in ensuring that you comply with the new regulation’s requirements. Article 32 of the GDPR requires data controllers and processors to implement technical and organizational measures that ensure a level of data security appropriate for the level of risk presented by processing personal data.
Data security measures include restoring access to personal data in the event of a physical or technical security breach. StorageCraft data protection solutions with infinite scale-out storage help organizations of all sizes protect and secure their data in order to meet their RTO (Recovery Time Objective) and RPO (Recovery Point Objective) in the event of a disaster, and thereby recover personal data.

Pseudonymizing or encrypting personal data is also a requirement of the GDPR. StorageCraft OneBlox scale-out storage offers an optional AES 256 encryption. This allows administrators to ensure that all data is encrypted before being written to the physical disk. With encryption enabled, failed or stolen drives are unreadable. In addition to this, StorageCraft ShadowProtect, our award-winning backup and disaster recovery solution, uses encryption technology to allow backup images to be encrypted at AES-256 bit military-grade encryption. To keep all data safe, StorageCraft requires you to encrypt your data before it is sent to our StorageCraft Cloud Services, where backup images are stored in their encrypted state.

Should you have any question regarding StorageCraft’s privacy policy and GDPR efforts, or how StorageCraft solutions can help your customers to protect their data to meet the GDPR requirements, please feel free to contact your local sales representative or myself.

Kind regards,
Andy Zollo - VP of Sales EMEA
andy.zollo@storagecraft.eu