One year today, a new European data privacy regulation is due to take effect that will require big changes, and potentially significant investments, by organisations all over the world—including you and your customers.
The General Data Protection Regulation (GDPR) imposes new rules on companies, government agencies, non-profits, and other organisations that offer goods and services to people in the European Union (EU), or that collect and analyse data tied to EU residents, no matter where those organisations are located.
The GDPR represents an important step forward for individual privacy rights. It gives EU residents more control over their “personal data” (which is precisely defined by the GDPR) and seeks to ensure that data is protected no matter where it is sent, processed, or stored. The law updates European privacy regulations for the first time in more than two decades, bringing them more in line with current technologies, and increases the uniformity of privacy regulations across the EU’s member states. And despite the UK’s Brexit vote, it will apply here.
The GDPR is also a complex regulation that may require significant changes in how your company gathers and manages data. The big three public cloud providers want to help you focus on your core business while efficiently preparing for the GDPR. Their goal is to streamline your compliance with the GDPR through smart technology, innovation, and collaboration. AWS has been encouraging customers to prepare by sharing useful GDPR resources; Microsoft has issued specific guidance to customers to help them with compliance; and Google Cloud issued its own commitment to the GDPR at the start of this month.
All three providers are investing in additional features and functionality. They operate what we call a shared responsibility model, under which they, as the platform provider, are responsible for the security of the underlying cloud infrastructure (Security of the Cloud) while their customers are responsible for the security of their data and applications (Security in the Cloud).
Non-compliance could be very costly. The penalties are potentially eye-watering, with fines of up to €20 million or 4% of annual global revenue. For instance, if TalkTalk’s data breach had happened under the GDPR, the telecoms provider could have been fined £71 million rather than the £400,000 it had to pay last year.
So, whether you have already started the process or you are taking your first steps, compliance is a must. By understanding better the personal data you deal with and simplifying the way you manage and monitor it, you will be able to meet all the requirements of the GDPR.
By James Pearse, Head of Pre-Sales, SystemsUp
SystemsUp has years of expertise in helping organisations manage and catalogue the personal data in their systems to build more secure IT environments.
Our GDPR Quick Start Assessment workshop, delivered in conjunction with information protection consultancy Company85 and our parent company iomart, gives you the knowledge and tools you need to build a GDPR-compliant environment. Find out more here.