How Object Storage Enables GDPR Compliance
February 15, 2018

How Object Storage Enables GDPR Compliance

GDPR-Week 2In last week’s blog, I looked at the challenges GDPR presents. In this week’s blog, we will take a look at how Caringo Scale-Out Hybrid Storage provides a simple and cost-effective solution that can enable GDPR compliance.

The first challenge: how do you find all the relevant data when you receive a “Right to access,” a “Data Portability” or a “Right to be forgotten” request from an EU resident? Expecting that anyone can manually login to every application and storage system used by your organization and locate the right data is unrealistic. Not only would this be time-consuming, but it opens the door to the risk of data being missed or data being included that is not within scope.

It would be far more practical to run a single search request against the storage system that then matches all relevant data that is within scope. Of course, depending on the type of request, the scope may change. For example, a “Right to access” request may need to include data that cannot be removed during a “Right to be forgotten” request, and of course a “Right to be forgotten” request cannot include any data that must be retained by law.

Metadata Radically Simplifies Search

This is where the power of metadata in Caringo Swarm comes into play. Unlike traditional storage and other object storage solutions, Caringo Swarm object storage allows metadata to be directly attached to the object (data), not stored in a separate database. Swarm also allows this metadata to be modified without having to rewrite the entire file. Most importantly, all of this metadata is indexed and becomes searchable. Watch this on-demand webinar to learn more.

For example, for all data related to myself, I can attach a piece of metadata such as ‘person-name: Glen Olsen’ and ‘person-DOB: YYYY/MM/DD.’ Now, I can run a query directly against Caringo Swarm requesting a list of all data with matching metadata attached. As long as this metadata has been attached directly to the object, it will be listed regardless of which application or system wrote the object. Additional metadata I can attach might include the application that owns and wrote the data, why we retained that data in the first place, and if that data is eligible for “Right to be forgotten” removal. I now have all the information attached as metadata and searchable to create a list using a simple query against the Swarm storage system, without the need to manually log into any application. Yes, with Caringo Swarm, it can be as simple as that.

Replication Automates Data Removal

As we discussed last week, the “Right to be forgotten” can present a whole new set of challenges when this comes to Dev, Test and QA, since often a copy of production data is taken for these environments. How can we ensure that any data removal related to a “Right to be forgotten” request is populated to any copies created of the data? Caringo again offers a simple solution to this problem. Instead of Dev taking a copy of production data, Dev can instead configure replication of data from production so that if the data is removed from production it will also automatically be removed from any replication destination. Moreover, each time a department needs to refresh their copy of data, they can replicate the data from production, ensuring that no data that was removed during a “Right to be forgotten” request reappears in any other environment.

Continuous Protection without Backups, Significantly Reduces Discovery Time

Traditional backup will quickly become a thorn in the side of any organisation trying to maintain GDPR compliance, as any “Right to be forgotten” request will require data to be removed not only from Production, Dev, Test/QA and similar systems, but also every copy of that data held in backup. This includes physical media such as tape or other archive. The only easy answer here? Stop using traditional backup systems and count on the continuous, built-in data protection features of Caringo Swarm. That way, your Chief Security & Risk Officer can breathe easy, knowing that your data is protected and that you have the tools in place to enable compliance with GDPR.

Next week, in the last of this GDPR blog series, we will look at “data protection” and, more specifically, how Caringo Scale-Out Hybrid Storage helps GDPR data protection officers maintain and monitor compliance.

Don’t forget to register for our upcoming webinar on February 27, when my colleague Alex Oldfield, Solutions Architect, and I will present a webinar on the challenges organisations face and how Caringo Swarm provides a cost-effective solution to meet GDPR requirements as well as how Data Protection Officers can use Swarm to monitor and ensure compliance.

Register now to watch live or on demand.


February 27, 10:30 a.m. GMT
GDPR’s Dirty Little Secret & How Object Storage Enables Compliance


Register Now

In the meantime, if you have any questions, feel free to reach out to us at, and we will be happy to have one of our object storage experts get back with you.

The post How Object Storage Enables GDPR Compliance appeared first on Caringo.