In a bid to make achieving GDPR readiness a tad easier, Nlyte Software has released a new solution.
The data centre infrastructure management (DCIM) software company announced the global availability of its new Nlyte GDPR solution for managing and monitoring the physical computing infrastructure that maintains organisations’ sensitive data.
Nlyte says its solution enables organisations to track physical IT infrastructure where the data resides, how those physical assets are managed and maintained, and who has made changes to those resources.
This of course is crucial as its what the GDPR centres around – the protection of personal data. The law is very explicit in its definitions of personal data, how it can be used and how it should be protected and managed.
If any organisation does not know where its customers’ data physically resides, they could be in big trouble as it’s impossible to truly understand the risks posed by malevolent or non-malevolent events occurring to those systems.
“For GDPR compliance, the physical security of the data processing infrastructure is as critical as the digital management,” says Nlyte co-founder & CTO Robert Neave.
“The concern of physical infrastructure extends beyond an organisation’s data centre, and includes colocation facilities, managed service providers, hosting services, SaaS vendors, and virtually any XaaS vendor.”
Nlyte provides support for processes related directly to specific articles within GDPR:
- Article 35, Data Protection Impact Assessment – through Nlyte Workflow. Workflow provides the ability to assign a data protection officer’s review activity within any IMAC data centre process. This includes a GDPR form supporting capturing the asset name, application name, and if the system is running or hosting customer data.
- Article 17, Right to Erasure (Right to be Forgotten) – Nlyte Asset Management provides the Controller the ability to flag/track the lifecycle of all assets that have been used for the storage or processing of data subjects’ (personal/customer) data.
- Article 58, Investigative Powers – Nlyte Asset Tracking, along with business applications mapped to Nlyte’s Asset Optimization database, and support compulsory data protection audits. Nlyte Discovery provides asset integrity monitoring by ensuring all assets and applications are aligned correctly within the physical compute infrastructure. Additionally, it identifies any assets or applications that have changed in or out of authorised workflow and compliance standards.
- Articles 59, 33, 33a, Activity Reports, Data Breach Notification to authorities – Nlyte Impact Assessment Reports list assets that have been flagged for GDPR tracking, providing Executive Summary or Operation Drill-down views
- Article 45, Transfers on the Basis of an Adequacy Decision, International Companies – Nlyte lifecycle tracking of assets, and their moments between locations, provides accountability and compliance visibility and reporting.
“Recent outages and hacks exploiting vulnerabilities at the physical layer have highlighted some of the risks organisations’ data is exposed to in today’s digital world,” says Nlyte CEO & president Doug Sabella.
“For too long organisations have been exposed to potential power outages or known vulnerabilities with firmware/software on physical assets. The Nlyte GDPR solution will help mitigate these varied risks while also reducing the time to show GDPR compliance.”
Nlyte hopes to provide peace of mind for organisations handling EU citizen’s personal data by helping them to gain compliance.