Best Practices for GDPR and Your Commvault Infastructure


The following document contains best practices and recommendations about your infrastructure and using Commvault GDPR solutions.

General Recommendations

The following points are general recommendations for any deployment of Commvault GDPR solutions.

CommCell Entities Used with GDPR

The following CommCell entities are essential to the Commvault GDPR solution:

  • CommServe host

  • Web Server

  • MediaAgent

  • Index Server nodes

You should put these CommCell entities in your company's data center behind a firewall. You should also restrict access to these CommCell entities to only the network gateway and Web Console computer. You should only place the network gateway and Web Console in the perimeter (DMZ) network.

Structure Clients, Client Groups, and Storage Policies

You should create regional storage policies for your clients. Each storage policy should contain a set of MediaAgents that are connected to different types of storage, such as disk, tape, and cloud. The clients located in each region should use the storage policy of their respective region. Also, you should create regional client groups that use the regional storage policy.

To verify your configuration, you can use the Data Sovereignty Report located in the Commvault Store.

For more information about using reports from the Commvault Store, see Downloading Items from Commvault Store.

Deploy Content Indexing and Entity Extraction Components

If you are content indexing or using entity extraction with your data, you should put the computers that are performing those operations in the same region (or a compliant region) as the data. Similarly, you should put Web Servers and the preview cache folders in the same region as the data.

Recommendations for Multi-Tenant Environments

The following points are recommendations specific to deployments of Commvault GDPR solutions in multi-tenant environments.

Secure Access to Tenant Data

Service providers can deploy a privacy feature that blocks unauthorized access to tenant data. With the privacy feature, tenants can store their data with their respective service providers and allow the service provider to manage data protection operations, but service providers cannot browse or restore data that belongs to tenants.

For more information about the tenant privacy feature, see Privacy for Owners.

Tenant Data Encryption

Service providers can enable encryption for tenant clients. This feature will ensure tenant data is encrypted both on the backup media and while in transit to protect against unauthorized access to the data.

For more information about data encryption, see Data Encryption.

Information in the CommServe Database

The CommServe database does not contain any actual data or metadata for tenants. There is a table that contains user email addresses that are frequently used to login to the CommServe. If you want to prevent this data from being stored in the CommServe database, then you can provide dummy email addresses and inform users to login using their user names, instead.

For more information, contact your software provider.

Using Activate for GDPR

After you implement the recommendations on this page, you can use the Activate feature to analyze your file data and discover if any of it contains sensitive information. With Activate, you can enable your compliance team to act on the files that contain sensitive information for GDPR-related requests and internal compliance.

For more information, see Setting Up Compliance Apps.