The EU General Data Protection Regulation (GDPR) compliance centers around Personal Data and its Protection (article 4, section 1) in the context of any organization that conducts business with personal data of data subjects, in or from the 28 EU member states. GDPR requirements span compliance, data protection and personal data, including governance, accounting, privacy, data breach procedures, cross border data flow, and other responsibilities across different stakeholders within the organization. More importantly, compliance requirements start with defined ‘processing activities’ on personal data, which may then require GDPR duties like obtaining consent and restricting data to its permitted use. Organizations cannot achieve compliance by just using specific products or solutions, rather the usual Compliance challenge of organizational change across people, policy and processes is needed. From an IT point of view, the overall GDPR compliance requirements cover the entire solution stack including applications, middleware, platforms, and infrastructure – especially if any of these are directly or indirectly dealing with personal data. Hence there is not going to be a “one size fits all” GDPR solution for businesses. The role of the IT solutions is to enforce the correct handling of personal data per identified processes by the establishment and each element of the solution stack will need to address the objectives as appropriate to the data it handles. Typically, personal data resides either in form of structured data (like databases) or unstructured data (like files, text, documents, etc.). Here is an article, where we specifically deal with unstructured data and storage systems used to host unstructured data and insight on how to to get the support for your file and object storage.
IBM Spectrum Scale functionality to support GDPR requirements.