With less than a year to go until the General Data Protection Regulation (GDPR) becomes legally enforceable, organisations need to develop an accurate picture of where their data is and how they manage to achieve compliance. However, legacy data systems present a distinct challenge to establishing this visibility and to making the necessary changes. This is according to software innovator TmaxSoft, who stresses the urgency of modernising these systems in order to take on these challenges.
The GDPR is specifically targeted at the swathe of personal data that many organisations now collect, and establishing where data is located is important for assigning responsibility under the new regulations. However, recent research from Compuware indicates that 30 per cent of European and US CIOs are unable to guarantee that they can find this data within their systems. Moreover, 53 per cent stressed that the data used in tests, which can include personal data, is particularly difficult to locate.
Carl Davies, CEO of TmaxSoft UK, commented on how legacy systems provide a particular obstacle to CIOs looking to locate data: “Under the GDPR, legacy systems will come under the same level of scrutiny as modern solutions. Unlike these streamlined solutions, however, legacy systems such as the mainframe can be notoriously opaque. They will often include myriad different data sources and use cases, from test data through to copies of production databases, that will all influence the storage of personal data. With decades of use and continuous development, these systems have often reached an intimidating level of complexity that makes it very difficult to establish which data is in the system and where it is - it is therefore unsurprising that so many CIOs can’t guarantee the location of customer data.
“Moreover, legacy systems also make it difficult to make any necessary changes to comply with the GDPR. Applications within legacy systems are often very old, with many iterations and revisions to navigate. Moreover, access to source code is not always forthcoming, and even where it can be accessed, the age of these systems means there’s an ever-decreasing pool of IT professionals who are actually able to deal with it. If overhauls to the legacy system are required to work with personal data and attain GDPR compliance, this becomes a significant obstacle.”
There are several options for those companies looking to make their legacy systems more manageable in order to ensure GDPR compliance, and TmaxSoft’s product OpenFrame helps customers lift those applications off the mainframe onto an opensystem, that then allows customers to more easily navigate, develop and modernise the use of the applications. Carl concluded by commenting on how organisations can deal with this legacy infrastructure: “These legacy systems represent a distinct threat to any organisation which wishes to avoid GDPR fines of up to ˆ20 million or 4 per cent of global turnover. The new regulation will force CIO’s to assess this threat and take appropriate actions.
“Openframe provides a platform that gives customers the quickest and lowest risk route in getting applications and data off the mainframe allowing for a much smoother and easier assessment of GDPR compliance and a platform for dealing with that risk”