Three Tips to Ensure GDPR Compliancy for Organizations based in Asia

By Raymond Goh, Head of Systems Engineering, Asia & Japan at Veeam Software

Raymond Goh, Head of Systems Engineering, Asia & Japan at Veeam Software

In a few short weeks, the grace period for businesses to get themselves General Data Protection Regulation (GDPR) compliant will end. While the GDPR might be an EU regulation, its impact is guaranteed to be felt by all organizations that conduct business with the EU.

Asia represents an active and growing market for EU. ASEAN, in particular, is EU’s third largest trading partner outside of Europe, and has been recognized for its high growth potential, with EU companies investing an average of €19 billion annually in the region . Strong business relations between EU and Asia highlight the importance of the GDPR to all Asian organizations, and the clock is ticking for corporations to ensure they meet the stringent criteria before May 25 arrives.

GDPR compliance is unique to each company as each company is unique, but here are three tips to get you started:

1. Check for any personally identifiable information (PII) of EU residents

Determine if your organisation has any sensitive data of EU residents. PII refers to any data that can be used to identify an individual. While your first thought might be information such as name, contact numbers, email addresses etc., PII also encompasses IP addresses, location data and more.

Beyond knowing, managing, and protecting your data, enterprises should also keep a firm hand in documenting processes and reporting any breaches to comply with the GDPR

The GDPR has also put in place even stricter regulations for sensitive PII which includes race, religion, ethnicity and more. Be aware of such data and know who has access to it. If your enterprise deals with multiple businesses around the region, consider investing in technical solutions that can gather and analyse data efficiently and accurately to streamline the process.

2.Manage Sensitive Information

After identifying the PII your organisation owns and who already has access to it, establish clear processes on the usage of such data. This is important as the GDPR requires organisations to declare what data they are collecting, why, where the data is used, and how it is being stored. Careful handling will ensure transparency and clarity in all processes. Some templates for easy management can be found in Veeam’s recent white paper that talks about our experience in ensuring GDPR compliance.

3.Protect your Data

With the continued sophistication of malware, such as the latest Scarabey ransomware, which threatens to delete your files until you pay up, it is now more vital than ever for organisations to protect their data. Air gapped backups are “offline” backups that cannot be manipulated or deleted remotely, an improvement of the original 3-2-1 rule with an additional 0. Having a sound protection plan in place ensures companies do not risk losing their data and can quickly recover important systems.

As the GDPR continues to approach, organizations should take this opportunity to reevaluate their processes and improve data privacy and security.

Beyond knowing, managing, and protecting your data, enterprises should also keep a firm hand in documenting processes and reporting any breaches to comply with the GDPR. In the rapidly evolving digital world we live in, it is now more pertinent than ever for corporations to constantly review and improve their processes.