Egnyte aims to help firms manage and protect PII data under GDPR

GDPR readiness

Egnyte has set out to help companies meet one of the key challenges under GDPR; identifying and classifying personally identifiable information (PII) both in the cloud and on-premise.

The file-sync and share firm, which operates across both these environments, claims to be the first storage platform with the ability to detect PII data - which can range from bank account details to healthcare information and even work email addresses.

The EU's General Data Protection Regulation (GDPR) comes into force from 25 May 2018, introducing tougher fines for organisations that don't adequately protect EU citizens' personal data, and giving those citizens more control over what their data is used for.

One of the biggest challenges firms face in complying with the legislation is discovering where all their data sits, and what the nature of that data is.

While cloud firms have jumped on this as a marketing opportunity - by guaranteeing data stored on their platforms will be GDPR compliant - organisations will still be liable for any breaches of that data, so cannot outsource complianceresponsibilities.

But firms won't need to apply strict protection or encryption to all their data, as not all of it will be people's personal information, and protecting everything will just cost a lot of money and effort.

Today, then, Egnyte claimed to be the first vendor to extend this GDPR compliance ability to on-premise data repositories too, and to allow customers to set rules around the types of data they wish to protect.

General Data Protection Regulation (GDPR) How GDPR is going to redefine the cloud

Pointing to GDPR and Australia's Privacy Amendment that requires firms to notify parties about data breaches, Egnyte co-founder Kris Lahiri told Cloud Pro: "Compliance as a whole is getting a major overhaul worldwide. With the evolution of digital record keeping and the digital management of personally identifiable information, the world has reached a point where loose laws and ambiguous legislation are no longer acceptable."

Lahiri, also the company's data protection officer, added in a statement: "Our goal is to simplify compliance by providing a single platform with easy-to-use tools that businesses can trust to securely manage all of their content, in whatever country they are doing business in."

The new capabilities rely on Egnyte Protect, a product released last summer to allow IT admins to set up file access controls and impose rules around where and how the files are stored.

Now customers can apply Protect's pre-defined 'GDPR' rules to any personal data they have stored in the cloud or on-premise, or apply their own custom rules to this data, for instance by instructing Protect to apply these rules to all data tagged with a certain keyword.

Like other cloud providers, Egnyte also offers a European data centre to ensure EU data doesn't leave the region (though this isn't stipulated under GDPR, it can be under certain industry regulations).

Customers can also create alerts to monitor particular types of data; so if a hacker manages to access PII, they can spot the breach, and adhere to GDPR's requirement to notify their data protection authority within the 72-hour window.

Main image credit: Bigstock