EU Confidential

Editorial Type: Opinion
Date: 09-2015
Key Topics: Cloud, Compliance, Strategy, Data protection, Encryption
Key Companies: NetApp
Key Products: AltaVault, ONTAP
Key Industries: Retail
New EU Data Protection Regulations are due to come into force in 2017; Martin Warren, Cloud Solutions Marketing Manager at NetApp, discusses what cloud providers might have to do in advance of the likely changes.

In around six months' time, all being well, the European Parliament, Council and Commission will complete the Trilogue meetings that have been ongoing since June of this year and come to an agreement on the new EU Data Protection Regulations that will come into force in 2017.

Back in 2012, it was decided that the huge growth and importance of technology and the Internet, and the amount of data now stored online, meant that the existing data protection law was ill-equipped to deal with our modern-day requirements. In addition, with high-profile incidents relating to the loss, theft or transfer of consumer data without the knowledge of the individual, there is no denying that a review of the law was needed.

Ensuring consumer data protection is very important, but what has not yet been realised by many companies is that this new data protection regulation will cover all data relating to an individual. Some companies are under the impression that if they don't handle customer data as a core part of their business model (as a retailer does, for example), they will not be affected, but this is not true. All data relating to EU individuals is encompassed, no matter what the company does or where it is based. The simplest example that will affect all companies is HR data, the details of their employees: this data will be subject to the same protection requirements.
LOOK TO THE CLOUD

While the final details of the Regulation are yet to be ratified, there are a few key areas that cloud providers can look to expand on now in order to prepare for the changes. Getting prepared is of the utmost importance considering the hefty fines that have been proposed for companies that do not meet data protection requirements. Currently the proposed fines stand at €100m or 5% of revenue, whichever is the higher figure, something which, if imposed on a company, would have a far-reaching and damaging effect.

The first is with regard to data control and location. Under the new Regulation, and to some extent currently, individuals can request that their data be deleted under the "right to be forgotten" clause. While this sounds fairly straightforward, any data centre manager or IT worker will know that deleting all traces of data is actually a large and potentially difficult task.
PINPOINT ACCURACY

The second relates to data encryption and tokenisation technologies. Although not yet confirmed, the Regulation is expected to stipulate that encryption, tokenisation and pseudo-anonymisation of data will meet legal requirements with regard to the "privacy by design" stipulation within the proposed Regulation. Service providers today often already offer encryption as standard for data stored in the cloud; however, for those still looking to add this capability, solutions such as NetApp's AltaVault can offer enterprise-level encryption services and ensure businesses are secure and compliant across public, hybrid and on-premises cloud solutions.

These are just two key points that public cloud and managed service providers can consider now with regard to preparing for the upcoming changes. The nuances of the Regulation are far-reaching and extensive, and in order to be fully prepared, cloud providers must begin to educate themselves as far as is possible.
BEST PRACTICE CULTURE