How Will GDPR Affect Data Centre Management?
By now your company is probably well aware that by 25th May 2018 your data processing and management need to be fully compliant with new EU regulations. If not, let's provide a quick overview of the current situation.
It's been nearly 20 years since the UK's data protection laws were updated. In that time, the internet and the many devices that rely on the cyber highway to operate have changed dramatically.
These devices store and share tremendous amounts of data which is managed in a variety of different ways. The General Data Protection Regulation (GDPR) being introduced next year will bring the data protection laws for all EU member states bang up-to-date.
Non-compliance with the new legislation can incur hefty fines of up to 4% of a company's annual global turnover or €20 million, whichever is greater. To help you avoid these penalties we explain how GDPR will affect data management centres.
What are your current processes?
A crucial aspect of GDPR is ensuring that your company has the correct data management processes in place, particularly relating to data security.
Article 32 of the new legislation requires companies to ensure 'a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing [of data].'
Processes that stress test your system for vulnerabilities need to be put in place, if they are not already. These tests should be conducted several times a year, as cyber-attacks are becoming increasingly sophisticated and frequent. Ideally, a Data Protection Officer (DPO) should be appointed to manage this process if data processing is carried out by a public authority or the company manages 'large-scale' data. One of the DPO's primary concerns will be the wider context of data security.
Data security implies protection both from cybercriminals attempting to gain access to sensitive information and from data loss due to power outages, natural disasters or other external events.
Where you choose to store your data is important for both points, and London data centres are a good choice for many businesses. The capital suffers from few natural disasters and is one of the most well-connected cities not only in the UK but globally. Many data storage companies in the UK establish data centres in London and offer fantastic security measures against both physical and online breaches.
Data spring clean
Another important aspect of GDPR is knowing where all the data that a company holds is saved, what needs to be kept and what must be deleted. Any data that is deemed out-of-date or irrelevant must be assessed for suitability due to 'The right to erasure or the right to be forgotten.'
Any personal data held by a company must be deleted once it has served the purpose for which it was collected; this also applies historically. Companies must be able to access historical files and carefully scrutinize what can be kept and what must be removed. Some companies have gone to great lengths to ensure compliance. Wetherspoon's, for example, deleted their entire customer email database!
This is an extreme instance; however, it does demonstrate how seriously companies, and you, should be taking the regulatory changes that will be enforced next year.
As we've reiterated, GDPR is coming. Although 25th May 2018 may seem a long way off, depending on the size of your organisation, where your data is stored and how much is collected, this is a task that can involve significant resources. It’s best to be prepared and get your business ready for GDPR. More importantly, failure to be fully compliant can have a hugely negative impact not just on your bottom line but also on your company’s reputation.