Management > Identity

Vendors partner up as clock ticks louder towards GDPR debut

David Bicknell Published 23 May 2017

With GDPR now just a year away, and NHS cyber-attacks fresh in the memory, suppliers of management consultancy, archiving and testing services are keen to highlight their expertise


It’s a year to go until the introduction of the EU’s General Data Protection Regulation (GDPR) and two weeks since WannaCryptor randomware created cyber havoc in more than 150 countries.

So the timing is almost perfect for a range of providers to introduce new solutions to data privacy and cyber security challenged users.

Management consultancy EY announced today that it will be collaborating with Microsoft on a broad approach to help address many of the challenges clients are facing around GDPR, which comes into effect on May 25 next year.

GDPR applies to all businesses offering goods or services to the EU and sets out aims to protect the privacy and security of EU residents' personal data “through the imposition of numerous requirements impacting the entire data lifecycle within most organisations”, as EY describes it.

The jointly-developed EY-Microsoft service will use existing and new capabilities from both companies to offer both technology and processes to help support compliance and risk management.

The initiatives will comprise using Microsoft's Secure Productive Enterprise initiatives, including Microsoft Azure, Microsoft Office 365 and Windows to help comply with GDPR regulations while also using EY compliance, privacy and data protection offerings. The new service augments an existing portfolio jointly developed by EY and Microsoft, including services to help organisations sense, resist, react and recover from cyber attacks.

Another pair of companies banding together with GDPR are enterprise backup, recovery and archiving company Commvault and webscience company FlyingBinary, which have created a Private Health Data Vault service to offer NHS trusts GDPR compliance.

The service, based on the Commvault Clinical Archive aims to address data management on both the clinical and business sides of healthcare in a single platform. For example, it will enable providers to decommission legacy picture archiving and communications (PACS) systems into a single data management platform, while making legacy data accessible to new PACS solutions and available for bulk migration.

As the clock ticks down to GDPR coming into force over the next year, organisations are under pressure to ensure the data they hold is GDPR-compliant. In the NHS, this is particularly difficult due to the numbers of discrete systems used: a typical NHS trust hosts between 350 and 500 different stand-alone applications, all holding patient data. This means that not only is patient data stored in many different places and formats, but that legacy systems that are no longer in use cannot be decommissioned for compliance reasons until the data they hold is removed. This comes at a significant cost to NHS trusts.

The Analytics Private Health Data Vault service will be available on the G-Cloud 9 framework, which launched this week.  

Dr Jacqui Taylor, FlyingBinary’s chief executive says, “Traditionally the public sector has lagged in its use of cutting-edge systems, especially in healthcare. We have built this new G-Cloud service based on Commvault’s Clinical Archive. It is a key component of our cloud service for NHS trusts, to give them the transformation tools they need to become data-driven organisations, as well as providing a significant step towards GDPR compliance. Unlocking the data held by the NHS is key to improving efficiencies and better patient care.”

The problems that hit the NHS two weeks ago has spurned reams of comment from IT security companies, many of whom will be exhibiting at the Infosecurity Europe show in a couple of weeks’ time.

Alongside much of the debate over the reason the NHS was badly hit has been comment from inside the NHS that highlighted its resilience. One IT specialist insisted that the fact that circa 43 of the 45 hospitals were up and running systems again the next day was impressive in itself.

Another issue that has emerged is that of testing.

Rob Maxfield, senior director at testing specialist Edge, another company recently named to G-Cloud 9, says, "The NHS was hit hard because IT wasn't upgraded, but why is upgrading IT so difficult and expensive? The problem is that upgrading outdated systems isn't just about the cost of a new licence or someone physically carrying out the upgrade. The hidden cost - and risk - is in all the extra hardware and software that has been integrated over the years with the system being upgraded.

"These extra systems are often business critical and end-users rightly worry about the impact of the upgrade on those systems - will they still be able to deliver their services to consumers after the upgrade? At Edge, we help mitigate these risks by undertaking full risk based driven end-to-end and regression testing to ensure all current functionality will continue to work as expected."

As well as its initial Digital Test Hub in Glasgow, launch in 2013, Edge recently opened a second test hub to expand its footprint in Birmingham to offer public sector organisations access to remote, on-demand testing services.

The Digital Test Hub operates as a challenger to the offshore testing model as it can be accessed easily and quickly by public sector organisations looking for a UK-based remote testing service. This is especially key for dynamic projects that are subject to change, as there is no need for long-term contracts and the service can be switched on and off as necessary.

The challenge of GDPR remains signifiant. A recent survey by Guidance Software found that some 24% of companies polled in the UK and US expect to miss the GDPR compliance deadline next May.

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.