that are aimed at educating you, When they come to theCUBE, it's a more conversational interview. We have big technology executives, from Michael Dell, for example, who come to theCUBE, share different messages, and reach a much bigger global digital audience than they could in person. Whether you're watching from home, in Europe, in Asia, it doesn't matter where you are, you can access and watch live, and access on-demand content 24 by seven. We come to you wherever you are. We bring to you real, live conversations so you understand how you can make a difference >> Announcer: Live from Nice, France, at your company. >> Technology industry for over 12 years now, so I've had the opportunity of a marketer to really understand and interact with customers across the entire buyer's journey. Hi, I'm Lisa Martin, and I am a host of theCUBE. Being a host on theCUBE has been a dream of mine for the last few years. I had the opportunity to meet Jeff and Dave and John at EMC World a few years ago, and got the courage up to say, "Hey, I'm really interested in this, "I love talking with customers, "give me a shot, "let me come into the studio and do an interview, "and see if we can work together." I think where I really impact theCUBE is being a female in technology. We interview a lot of females in tech. We do a lot of women in technology events, and one of the things I personally love is understanding what their career path was. They're very inspiring, and it's a great vehicle, theCUBE, to showcase and raise the profile of females in the technology and software space. The benefits for vendors to have theCUBE at events are manyfold. I think the first one is de-mystifying the messaging. You're going to hear great guys and gals as keynotes, prepared speeches. it's theCUBE. Covering .NEXT Conference 2017 Europe. Brought to you by Nutanix. >> Hi, I'm Stu Miniman, and we're here at the Nutanix European Conference .NEXT, and, being in Europe, one of the hot topics of conversation leading up to May, 2018, is, of course, GDPR. So happy to welcome to the program two guests that are here talking about this, Famke Krumbmuller and Nina Vassilief. Thank you so much for joining us today. So, Famke, we'll start with you. You're a partner with OpenCitiz. Tell us a little bit about your background and what your organization does. >> Sure. So OpenCitiz is a consultancy. We work together with companies and businesses helping them to understand the impact of policy and politics on their business, especially European politics and national politics of countries in Europe. We're based in Paris. I'm here to talk about GDPR. >> Alright. And Nina, you're a security and GDPR consultant. Tell us a little bit about your background, also. >> Well, I used to work with Volkswagen Group France as CTO and I'm a CISO, and then I was asked to work basically on GDPR and security as a consultant, because many companies want to be compliant by the due date of May 25th next year. And many companies are having a hard time, so I'm doing business analysis, audits, and creating roadmaps for GDPR. >> Yeah. That's great. Famke, there's been many times when policy and technology come together, but GDPR feels like this growing buzz that's been around the industry. Like, I've heard people, "It's the new Y2K," it's this impending thing, there's a lot of uncertainty, it seems, for something that has a big legal document on it. Give us where people are, how are they feeling, how are you helping people go with it when there is so much uncertainty there. >> First of all, it's very interesting to know that a lot of companies, even in Europe but also outside of Europe, who will be concerned by GDPR, not even aware of the fact that this regulation exists and that they are concerned and they need to comply. And then the other half, roughly, it's unclear whether they will be able to comply by the deadline in May of next year, because it's a huge burden on the majority of the companies. They really have to review all of their processes, maybe do something new, get outside expertise on how to do so, and if they don't, they actually face huge fines from the European Union, which is obviously a way to try and incentivize these companies to do all that hard work to be able to comply. >> Yeah Nina, as if IT organizations didn't already have enough challenges to work with, it's like security is kind of keeping people pretty busy these days. So where does GDPR fit into the discussion? How do they bring it up? Where in the organization does it usually bubble up? And in which teams need to address this? >> Well GDPR actually concerns everyone, so it really concerns the business, but IT has a big role to play in the sense that, for example, many companies don't know what applications they're running. I've seen three companies, and they might be running, let's say they say, "Okay, we're running on the cloud 40 applications," but when they start looking at it with shadow IT, they might be running the triple. So it's actually good, because it's forcing best practice, it's forcing inventories, audits, and it's cutting costs at the same time. >> Yeah, I moderated a customer panel towards the beginning of the week here, and there was one research organization, they're like, "Look, we've anonymized all of our data, "I think we're pretty good," and one that was like, "Well, I'm doing a lot of cloud stuff, you know, "Amazon will take care of this for me," something like this. But if you ask all of them, "Are you ready?" most of them kind of said, "Yeah, we think we're ready." What do you find, Nina? Are most companies really ready? >> I'd say most are not. I find that in the UK, they've understood most companies that they need to be thinking about the big companies. Some of the small companies are just waking up. In the US, they're really thinking about it too, how it's going to touch them, because all services and goods concerning European citizens are concerned. So companies are really, and executives, are waking up. And for France, for example, I'd say about a third of the companies realize it's really going to hit them, and there's many others that are not ready at all. >> Yeah, you mentioned, Famke, that half of all companies barely heard about this, and absolutely, most companies, they are global. Even if you're some local place, you have customers and everything, so what's the step beyond becoming aware? Where do people need to go? >> Right. I mean, there's several things they should be doing when they start to realize that they are actually concerned by this regulation. One of the most important thing is just to educate yourself about it. What do I need to do? Do relevant people within the company know that we need to respond to this, and are they aware that something needs to be done quickly? And then conduct internal information audit, like what data do we hold, why do we hold it, do we really need it? What are our processes? And then maybe appoint a data protection officer, somebody who is on the inside of the company and will have the legal responsibility to inform them about how to be able to comply with GDPR. Things like these, I think, are the most important things to do in the very beginning. >> Nina, I've heard the most from companies that handle data protection, you know, IBM, Veritas, Veeam, all ones that I've heard kind of a strong push from them. A company like Nutanix, do they fit into the picture? Is it something that they're just part of the landscape and they're trying to help and be good citizens to make sure their customers are aware? What from a technology standpoint? >> From my perspective, it concerns every technological company that's running a service concerning European citizens. So of course it concerns Nutanix. And yesterday we had a really great session for executives to explain, and quite a few of them were actually saying, "Hey, I didn't know GDPR really concerns me," and so it's good that Nutanix realized they also need to wake up. >> It does even concern companies who are not based in the EU, but simply by the fact of holding data that concerns EU residents, they need to comply, and that's something which is obviously extremely important, because it affects companies globally, even though they might think, "We're not based in the EU, "we don't have any headquarters in the EU, "we're totally not concerned," well, yes they are, as soon as they hold EU residents' data. >> Yeah, well, the clock's been ticking. It was only towards the beginning of this year that I first heard about GDPR, I've done a number of interviews and talked to many companies. Any chance it's going to get delayed? Or are the lawsuits just going to start as soon as we get to May? >> Well I guess the authorities who will be responsible for overseeing where their companies are compliant, if there is a data breech or something like this happens, I think they will really look at the processes that companies have put into place, and if there is a good amount of goodwill and work has been done, and it's a minor breech to a certain extend, they will probably be lenient in the very beginning, because they know what a burden it is on companies to comply. On the other hand, obviously they also need to set a precedent and show that they're actually serious about enforcing this regulation. So depending on what company they have, if the Amazons and the Facebooks don't comply, that will be a huge problem. If a small business doesn't comply, that's maybe a little bit different. >> Just following up on that, companies have so many different challenges they need to work through. Any, kind of, first steps that they need to make sure that they're doing to kind of meet with what is expected? >> Well I'd say just for them to be compliant to start with is to find out what they're really running on systems and on the cloud, applications to do inventories, to do business assessments to see what risk is involved around it, and I find that most companies that are starting to wake up, the first thing they do is they realize they don't know what they're running. So operations has a lot of work to do, and the security staff. >> Nina the other question I have is, we've spend the last few years, a lot of companies are getting excited about what they can do with information. Is this going to be now a headwind that's going to stop companies and say, "Wait, hold on, "maybe I shouldn't be holding onto everything," or is it just having the right governance in place to make sure I have protections for personal information as opposed to more anonymized information? >> I would think that it's the governance. It will make a big difference in many companies for the governance in IT. It might change the roles of CIOs and operations staff. I don't know, what do you think? >> I think companies will have to re-evaluate what kind of data do they hold and for what purpose, and ultimately, GDPR actually really introduces this principle of you need to have, first of all, consent to hold the data, and then second it needs to be data that you really need for your operations and to deliver the service, or whatever you're delivering. So if there's no good reason for you to hold certain data, then you're actually, strictly speaking, not even allowed to do so. That should probably change a little bit, how companies view the type of data that they hold and for how long. >> And I've even heard, we've talked about some of the global impact, because, even if this is the EU, if it affects people that work there, but other governments are looking and might copy that, if this becomes the template to go forward. >> Right, and we've seen already. I think South Africa, Singapore, have published papers that are relatively similar. And it does make sense. This regulation was negotiated for four years in the EU, so it took some time to agree. And if it's globally applicable, and if it's extremely strict and high standards, it makes sense that it's being copied. >> I want to give you both the final word as to takeaways for this topic. >> Well, I'd say that if anybody's thinking about GDPR, I know there are 99 articles, but in most companies, 30 to 40 really concern the company, not to be scared. You need to start from something, and just to see what really concerns you. >> And I think the most important thing to know is that there are many legal and IT experts out there who really know this topic, which is very technical, extremely well, so it's probably a good idea to get outside consultants look at your processes and how you should go about things. >> Nina and Famke, I think that's part of the reason why Nutanix brought you in as to socialize some of their customers, and even some of their executives with the expertise that you bring. So thank you so much for sharing with our audience. We'll be back with more coverage here, getting towards the end of two days of live coverage from Nutanix .NEXT Conference in Nice, France. I'm Stu Miniman, and you're watching theCUBE.