GDPR and healthcare

On May 25, 2018, any company (regardless of geographic location) holding the personal data of European Union (EU) citizens will need to comply with the EU General Data Protection Regulation (GDPR). Part of the new regulation stipulates that companies must have an effective, regularly tested disaster recovery solution. While this is important for any business, for healthcare providers the need is arguably the greatest.

Massive volumes of high-value, critical and personal healthcare data, often spread across multiple locations, are increasingly vulnerable to multiple factors, including human error, natural disaster and malicious threats. The scale of the data management, compliance and protection challenges that healthcare organisations face today is unrecognisable when viewed from the perspective of twenty, ten, or even five years ago. For example, a petabyte of storage used to be a FTSE 100 problem. Today, a petabyte of storage is commonplace for large organisations – particularly those in healthcare.

Healthcare IT teams, scrambling to keep up with rapid data growth, inevitably create too many storage islands, resulting in management complexity, operational inefficiencies and increased total cost of ownership. Further, complying with regulations like GDPR can be quite complex, and a lack of resources and budget can also be prohibitive.

A shift from traditional – often separate – backup and data protection models toward a converged model is poised to help ease the data cost, complexity, risk and compliance burdens faced by healthcare organisations. Traditional backup needs to read all primary data before moving it over a network to write to another storage target. When backing up applications such as radiology, which involve petabyte levels of storage, the systems and costs of storage can skyrocket. Even worse than clogging the network is the challenge of successfully recovering data in the event of drive or system failure. It is challenging enough to recover files when the system is fully functional, but in a disaster recovery situation such as a ransomware attack, it is just that – disastrous.

To reach GDPR compliance, the solution is not a massive fork-lift upgrade. Instead, it involves taking small, digestible steps. The first step is creating a scalable infrastructure; the next is creating an environment that unifies primary and secondary storage while integrating disaster recovery. This kind of setup is then able to digest massive amounts of structured and unstructured data. It also provides analytics and data intelligence. Imagine an infinitely scalable storage environment that is self-managing, self-compliant, intelligently compliant, self-protecting and self-learning.

Florian Malecki, International Product Marketing Director, StorageCraft
