Appendix F. European Union General Data Protection Regulation Considerations - IBM DS8900F Introduction And Planning Manual

Appendix F. European Union General Data Protection
Regulation Considerations
General Data Protection Regulation (GDPR) compliance is required by the European Union (EU), effective
May 25, 2018.
GDPR establishes a stronger data protection regulatory framework for processing customer data. GDPR
impacts IBM and IBM client contracts, policies, and procedures when handling personal data. GDPR
features include:
• New and enhanced rights for individuals
• Widened definition of personal data
• New obligations for processors
• Potential for significant financial penalties for non-compliance
• Compulsory data breach notification
Read more about GDPR:
• https://eugdpr.org
• https://www.ibm.com/data-responsibility/gdpr/
Basic DS8900F GDPR considerations
Complying with GDPR can present a challenge due to the variety of configurations and features available,
and the number of ways products can be used separately and with third-party applications and systems.
However, DS8900F provides functions to help comply with GDPR, such as encryption of data at rest.
Your knowledge of Field Replaceable Units (FRUs) containing customer data is critical. The DS8900F does
not store or retain customer data in non-volatile memory other than data drives within the storage
subsystem as written by your client applications. With encryption, if a drive fails and is replaced, the
customer data is not readable from the replaced drive that is returned. Without encryption, you may need
to retain and destroy failed drives to comply with GDPR. Your retention of the failed drive results in
additional service costs due to the loss of failed parts credits.
Note: You are responsible for ensuring your compliance with various laws and regulations, including the
EU GDPR. You are solely responsible for obtaining advice of competent legal counsel as to the
identification and interpretation of any relevant laws and regulations that may affect your business and
any actions you may need to take to comply with such laws and regulations.
The products, services, and other capabilities described herein are not suitable for all client situations,
and may have restricted availability. IBM does not provide legal, accounting, or auditing advice or
represent or warrant that its services or products ensure that clients are in compliance with any law or
regulation.
©
Copyright IBM Corp. 2019 133