>> Male: Live from Las Vegas. It's theCUBE covering Veritas Vision 2017. Brought to you by Veritas. (upbeat music) >> Welcome to Las Vegas, everybody. This is the Cube and we are here covering Veritas Vision 2017. It's the hashtag Vtas, V-T-A-S Vision, and this is Day one of two days of coverage here. I'm with Stu Miniman. My name is Dave Vellante. Jane Allen and Jay Cline are here from PwC. Jane is a partner and principal and Jay is a partner. Folks, welcome to the Cube, good to see you. >> Thank you. >> Thank you. >> Thanks for having us. >> So PwC leading global consultancy, I would say one of the top three, four, easily. Top 2. Maybe even top 1. >> Jane: Yes. >> I mean, you guys are gold standard for global. You solve problems that most people can't even begin to touch, except for a handful of companies. Jane, let's start with you. What's hot these days in your world? >> So I lead a practice, an information governance practice here at PwC, founded in a lot of folks with technology, legal support, regulatory backgrounds. And it pertains to all companies these days, right? How do you manage your data, to manage all the risks and reap the benefits of it. Certainly a hot topic and certainly with your privacy regulations on board, cyber risk, and just again all the benefits of data that companies are trying to take advantage of. It's been a growing consultancy practice and something that's very relevant to companies of all industries. >> Jay, we've heard a lot today about GDPR. I know it's something that you've been knee-deep in. What do people need to know about GDPR? >> I think GDPR boils down to one proposition, being able to prove that you have control over people's data. I think that summarizes the 72 different requirements of GDPR. >> Yeah, so GDPR, for those of you who don't know, General Data Protection Regulation, came out of the EU. One person on theCUBE called it a socialist agenda. (Jane laughs) But it's serious business, and if you can't ... I mean, actually, Jay, summarize, you know, what people should know about the exposure. I mean, essentially you have to be able to identify personal information and be able to delete that personal information on request, right, for any European Union citizen? >> Resident or citizen. >> Right, okay. >> That's right. >> So if somebody walks into Joe's pizza shop and says I want to sign up a bingo card to get, you know, mailings and your emailings, technically speaking, that person, if they wanted to do business in the EU, is responsible, is that right? >> You've got to know 360 degree view of all the personal data that you have of your employees, your consumers, your customers. You've got to be able to produce evidence on demand that you have this level of control. And whenever somebody comes in and asks for access to their data, to correct it, to export it, to their email, or to erase it, you've got to know whether you can deny that request or do you have to fulfill it, and you usually only have 30 days to fulfill it. >> So is this one of the hotter topics going on in your world these days? And what percent of your clients are actually prepared? >> I'll let Jay comment on how many are prepared, but you know, I think most companies, frankly, are trying to figure out how to be compliant and what is it they actually need to do. But it is a hot topic. I think even before GDPR, the landscape was already complex, right? People are trying to respond to litigation investigations, retention requirements from regulations, cyber risk, how do we manage it? And it's all about, what data do we have, where is it, and what are we doing with it, and how are we controlling it? And those questions are already there. GDPR highlights it. And with a May 2018 deadline, I mean, it's really putting the spotlight on this topic. >> Oh, yeah, that's one little, the fact that we forgot to mention, the clock is ticking. We're down under a year. So how about customer readiness? >> I think when we cross the one-year milestone in May, a lot of boards got exercised. The phone started ringing off the hooks, because they realized, we only have one more budget cycle to get this done. And so now I think, they're realizing that because GDPR hits the tech stack, and the IT budgets had already been planned for, the release cycles had already been put in place, they're now starting to ask, well, we can't get everything done by next May. What are the most important high-risk things that we do need to get done? And there's going to be more spillover work after May, I think. >> I think this highlights something that was already present in terms of the need for cross-functional senior leadership to pay attention to this, right? This isn't just a legal or privacy topic. It isn't just an IT topic. This really hits across organization and these folks need to work together. >> Jane, could you help us kind of uplevel a little bit. If I look at information governance, you mentioned it's super complex. You know, every company I talked to, they're deploying more and more sass. In the keynote this morning, Veritas said most of their customers have at least three clouds. We find, you know, absolutely it's, the strategy, especially if I start, oh, well, just different groups start using things, then how do I govern it? Do I even worry about security and backup and everything like that? How does this fit in the overall picture for most customers? >> Well, I guess that's what's interesting, right? There's no one right way of doing this right. And so it depends on your business, your industry, your customer base, your geographic location and outreach, and the data landscape. And you have to make smart decisions of what works within your corporate business culture even, of what is it that we need to keep and how we need to keep it and enable, you know, our engineers, our users, our customers, to leverage data, but also manage our risks. And there's just not one way to look at it. But again it goes down to really knowing what control you have, what you have, and where is it, right? But that's what's interesting, is for every company to figure out how is the best way for them to tackle it. >> So who's driving the information governance bus these days? I mean, with Sarbanes-Oxley it was the CFO. With the federal rules of civil procedure, it was kind of the general council. Who's really sort of in charge today? >> Well, I mean, depending on who owns it in an organization, looks a little different, usually legal and/or privacy, and oftentimes they are within the same group. >> Dave: So a chief privacy officer? >> Yeah. >> General counsel obviously involved, IT? >> Sometimes the compliance office again, depending how that's structured, but generally in that legal compliance privacy realm. >> Right. Okay, and when I think about some of those previous, you know, generations, Sox in particular, but also I guess FRO, CP. There was an effort within the company, because the ROI was just like, oh, we got to do this. It was like, okay, what does it cost to not comply, you know. >> Jane: Yeah. >> They would try to thread that needle. But there was always a faction that said, hey, we can... And consultancies were part of this. We can actually get value out of this. It's an opportunity to clean up your data, maybe to get rid of stuff, maybe you can reclaim some wasted space or, you know, et cetera, et cetera. Is that the way it is today with GDPR? And maybe we could unpack that a little bit. >> Yeah. One of the first steps that you have to take for GDPR, is to discover where all of your European personal data is, so data discovery effort. And in doing that, we've had a number of clients that for the first time, they've really put together a view of how they make money using data. And they're finding data, their chief marketing officer is finding data they didn't know they had. And so now they're able to monetize that data if they can use it responsibly within the privacy regulations of GDPR. So marketing is oftentimes funding, helping IT and Legal fund their GDPR efforts. >> And I think one of the other benefits is, if you have to go through this exercise to be compliant, but then you get additional insights in your data and you know where to invest more for those additional business opportunities, then at least hopefully you're reaping, again, more ROI off the effort. >> Well, I know the clock's ticking and there's a sort of virtual gun to organization's heads, but getting into that whole value notion, monetization, most organizations that we talked to, they don't really have an understanding of how data fuels monetization. Not necessarily monetizing the data, but how it contributes to monetization. What do you see in the customer base? >> This is the biggest area I think where GDPR is going to morph after May of 2018. I think the companies that can protect their exposure to this regulation, by going through the same processes to find out where their data is, they are positioned to monetize that data, to take advantage of new market opportunities, in Europe in particular. >> Okay. By the way, we should mention that this actually, the law is in effect, it's just the penalties aren't being-- >> Jay: Right. >> invoked at this point in time, right? >> Jay: That's right. >> So the recital is one-year grace period? And a lot of people are thinking, well, maybe we'll get another year of grace period. It's going to be really interesting to see how that goes down. And presumably the EU's going to go after the big pockets, right? I mean, those are the guys who have to be most concerned about this. But what about that midsize company? For your midsize clients, what are you advising them, that may not have the budgets of the big guys? >> We've been advising our clients that there are actually three ways that you can get hit by GDPR. The one that everybody's talking about is the famous 4% fine on your global revenues. That's what the regulators would impose on you if they discovered that you had an egregious violation of privacy. But there's another way that people aren't talking about that's going to be live on May 25th of 2018. And that's a new litigation risk for B2C. Anybody in the B2C space, even if you're midsize, if you violate the rights of a class of people, they can sue you on May 25th. And you can bet there are going to be law firms that are going to take advantage of this new situation. >> Dave: So they can sue you as individuals? >> As a class of individuals. There's also for people in the B2B space, we're seeing right away the contracting risk. And RFPs, they're saying as a condition to bid for this work, you've got to be able to sign that you are GDPR compliant. So you'll be locked out of the European market if you're B2B and you're not ready on May 2018. >> So we were talking off-camera. I was sort of struggling with trying to understand the direct fit with technology, Jay, and I thought you had a good answer. So what's technology's role in all of this? I mean, technology, can it help us get out of this problem? >> There's two parts where technology's very important. First is just discovering where your data is. That takes a lot of technology tools based on your tech stack, to be able to have an ongoing real-time data map. But the other one, the harder part, is responding to these individual rights requests, to ask for where their data is, to correct it, to delete it, to have that 360 view of individuals throughout your information environment. I think that takes IT to a new level. It hits all parts of the tech stack. >> All right. Because an individual can essentially say, I need to know what you know about me, right, that's part of it? >> Well, exactly. And a lot these companies that collect customer data and structured systems, they weren't really built for this type of exercise, to go through and search for something and actually dispose of it. And so companies are having to think very tactically. Okay, can I do this across all my different systems? And then certainly an unstructured data stores, again, what's there and how do we figure that out? >> So in the keynote this morning, we heard about GDPR. It looked like there was... I called it the doomsday clock, what was up on the wall. Can you bring back, how is Veritas doing? How are they helping customers with information governance and GDPR? >> Well, I think one of the really exciting things they demoed and talked about there is some of the data scanning or data profiling information, whether it be the classification or reporting out in terms of what is in this unstructured stores. Again, in order for companies to figure out what it is that they need to do process and technology wise is, what do we have out there again? And they're giving and enabling customers with some of their tools to be able to get some insights there, which I think is really transformative. I think people have been talking about these things from either a legal discovery standpoint, certainly a cyber risk. And I think this is just really adding on. So again, these tools help enable all of them, but certainly for GDPR. >> You have to get this first step right, the data discovery and classification, because if you scope GDPR too big, your compliance costs are through the roof. But if you scope it too small, your exposure's too big. So having a good discovery and classification approach, is critical to the success of your GDPR program. >> Has the industry solved the classification problem? I mean, for years, you really struggled to classify data. You could classify, you know, maybe data in an email archive, but data became so distributed by its very nature. Has that problem been solved? >> I would say no, but I've certainly seen a huge uptick in companies that actually finally just biting the bullet and getting themselves organized. But again, at least doing it because, hey, we need to figure it out for GDPR and privacy, we need to figure it out for cyber security controls, we need to figure it out for e-discovery, and just regular records management and how long we need to keep things. And so I think they recognize, wait, this satisfies a lot of different needs. But I don't know that there's an easy solution to it either. >> And the best practice organizations have automated that presumably, 'cause otherwise it's not going to scale, right? >> In the long-term that's what they're seeking, right, but you need to get the structure right, so you need to have file plans and organization of the information that makes sense to your employees and the way you do work, and then hopefully tie that back, knowing the data life cycle, to be able to classify things based on role, based on access, based on data type. So there's a lot of upfront work, but ultimately that's the-- >> So that's a taxonomical exercise, is that right? >> It is. That's a fancy word. >> Okay. But that's a heavy lift. And then it changes. >> It is, it is. But I think. Again, there's multiple benefits to that. >> Sure. >> And then going forward, you've got things in order for all those reasons. You can leverage the power of the technology, and then your functional groups and what work they do. People know what work they do, how long it generally it needs to be kept. And if you kind of can marry those two things from the business, the technology side, you can get set up and lauch. >> And then you can automate the policies around data retention. >> Exactly. >> What's your relationship specifically with Veritas? >> Well, you know, they're a client of ours, but we're also a client of theirs. >> Dave: Okay. >> I guess we're friends on a number of different angels and whatnot. But our practice tends to... Or we are technology agnostic in general, but we definitely want to stay on top of the different leaders in the industry. So that when we go to our clients, we can recommend, hey, these these are the top two or three that we believe could help you based on your situation, based on your data landscape, and be able to advise in that regard. So Veritas, between the backup tools, their e-discovery, and certainly some of the things they're doing on, you know, information governance and GDPR, is certainly one of the key providers that our clients should consider. >> So, I have sort of set up this discussion with a little background on PwC, clearly one of the leading consultancies out there. I would point to global, footprint, your deep industry expertise, you understand technology, you've been around, you know, you've got deep relationships. So other than those, what's the big difference, you know? Why PwC? And you can repeat some of those if you want. Probably be more articulate than I was. >> I think one thing that's different is what we call the end-to-end approach, where there might be other companies that have some of the qualities that you've talked about. But with GDPRs, it hits across five to ten different budgets in an enterprise. And we'll take a company through a transformational journey across all of them. We have auditors, and we have lawyers, and technologists, forensic scientists. GDPR really hits across all the functions of the enterprise. Because of our scale, we can hit all of these. Whereas other providers will take different slices of that. >> I would also add, PwC looks at our clients as forever clients. We're not looking for a one transaction and see you later. I mean, we look at them in terms of we want to be a firm that supports and partners them, whether it be on the consulting side, audit, tax, whatnot. And so we look at that that way in terms of trying to support them. And maybe that's just one point solution, maybe it's broader. But we'll bring the right experts to the table that fits for that client. And so we always want to think about it that way. While we might have ways and approaches that we leverage, hey, if they've got a specific need or a specific specialty, we'll bring the right expert to the firm. >> So that leads me to like my last question, which is, so it sounds like GDPR, and in chain of the context of that answer, is not just a tactical sort of pain relief project. Is it part of more strategic digital transformations? Are you able to make that connection? Or are people just in too much of a rush to fix the pain? >> No. Jay and I were talking about this earlier today. I mean, I'll use the example of some of the cloud transformation that companies are going through, right, if they haven't already, and thinking about their data and how they operate differently. And wait a minute, we don't need to forklift all of our data over. Let's think about it. And oh, by the way, let's make sure we're compliant with GDPR, right? So there's a number of different ways that you can kind of pull in different pieces that are helpful to clients. I think there were a number of different aspects to that, that we were talking about. So it's certainly something front and center, but it's not a one time, let's check the box and move on exercise either. >> Awesome. All right. We got to go. Thanks very much for coming the Cube. >> Thank you. >> Thanks. >> It's good to meet you guys. All right, keep it right there, everybody. We'll be back with our next guests. This is theCUBE. We're live from Veritas Vision 2017 in Las Vegas. We'll be right back. (techno music)