
EU Confidential

Editorial Type: Opinion     Date: 09-2015

New EU Data Protection Regulations are due to come into force in 2017; Martin Warren, Cloud Solutions Marketing Manager at NetApp, discusses what cloud providers might have to do in advance of the likely changes

In around six months' time, all being well, the European Parliament, Council and Commission will complete the Trilogue meetings that have been ongoing since June of this year and come to an agreement on the new EU Data Protection Regulations that will come into force in 2017. Back in 2012, it was decided that the huge growth in, and importance of, technology and the Internet, and the amount of data that was now stored online, meant that the existing data protection law was ill-equipped to deal with our modern-day requirements. In addition, with high-profile incidents relating to the loss, theft or transfer of consumer data without the knowledge of the individual, there is no denying that a review of the law was needed.

Ensuring consumer data protection is very important, but what has not yet been realised by many companies is that this new data protection regulation will cover all data relating to an individual. Some companies are under the impression that if they don't handle customer data as a core part of their business model (such as a retailer), they will not be affected, but this is not true. All data relating to EU individuals is encompassed, no matter what the company does or where it is based. The simplest example that will affect all companies is HR data: the details of their employees will be subject to the same protection requirements.

LOOK TO THE CLOUD
While the changes will affect all companies, one particular group that needs to be at the forefront of understanding and complying with the changes is public cloud and managed service providers. Companies of all shapes, sizes and sectors look to public cloud and/or managed service providers to provide them with IT solutions that are effective, meet their business needs and are compliant with all legislation as required. So what must these companies do to ensure they are ready for the changes?

While the final details of the Regulation are yet to be ratified, there are a few key areas that cloud providers can look to expand on now in order to prepare for the changes. Getting prepared is of the utmost importance considering the hefty fines that have been proposed for companies that do not meet data protection requirements. Currently the proposed fines stand at €100m or 5% of revenue, whichever is the higher figure, something which, if imposed on a company, would have a far-reaching and damaging effect.

The first is with regards to data control and location. Under the new Regulation, and to some extent currently, individuals can request their data be deleted under the "right to be forgotten" clause. While this sounds fairly straightforward, any data centre manager or IT worker will know that deleting all traces of data is actually a large and potentially difficult task.

PINPOINT ACCURACY
For cloud service providers, the first step to ensuring that all data can be managed, controlled and potentially deleted is to have a highly versatile data management software platform overlaying any storage. The benefits of this type of software mean that service providers will be able to pinpoint where any data is stored, move it easily and also delete it if necessary. NetApp's own Clustered Data ONTAP storage OS is one such example, and can be used across cloud storage and on-premises storage to create a data fabric that acts as a single system, meaning that data is more easily managed and controlled, thereby making compliance easier for cloud providers and the companies deploying them.

The second relates to data encryption and tokenisation technologies. Although not yet confirmed, the Regulation is expected to stipulate that encryption, tokenisation and pseudo-anonymisation of data will meet legal requirements with regards to the "privacy by design" stipulation within the proposed Regulation. Service providers today often already offer encryption as standard for data stored in the cloud; however, for those still looking to add this capability, solutions such as NetApp's AltaVault can offer enterprise-level encryption services and ensure businesses are secure and compliant across public, hybrid and on-premises cloud solutions.

These are just two key points that public cloud and managed service providers can consider now with regards to preparing for the upcoming changes. The nuances of the Regulation are far-reaching and extensive and in order to be fully prepared, cloud providers must begin to educate themselves as far as is possible.

BEST PRACTICE CULTURE
Preparation can be as simple as getting to grips with the current proposal and keeping abreast of the ongoing negotiations. What is important to remember as well is that once the final law is agreed upon, businesses will have a grace period to become compliant. However, starting to consider which steps you will have to take when the changes come in may lead to greater business continuity and help establish a culture of best practice when it comes to handling data - one of the most valuable assets for any business.
More info: www.netapp.com

