With all the global incidents we’ve seen recently, it’s really no surprise that data security is top of mind. We’re bringing more of our lives online than ever before, and the payoff for a successful cyber attack grows larger with each passing day. It’s into this climate that the European Union has revisited and revised its data security and privacy regulations.
Due to launch in May, the General Data Protection Regulation puts a laser focus on the protection of customer data. Under GDPR, an EU citizen has the right to remove all their personal data from a company’s servers. And before you ask, it doesn’t matter where the company is based.
GDPR applies to any business that works with an EU citizen. If you’re a global organization, you’re going to have to play by the regulation’s rules. Moreover, it seems quite likely that other governments will soon follow GDPR’s lead – regulations around privacy and user data will grow tighter worldwide.
“GDPR is a wakeup call for American companies to solidify best practices around their big data and data science initiatives,” writes Alex Woodie of Datanami. “While American firms today must follow a mishmash of data handling laws for specific sectors like healthcare and banking, there’s no single overarching law telling what they can and can’t do with data in a broad sense.”
“That’s exactly what GDPR does,” he continues. “It gives European consumers the power to control how their individual data is used. That means big changes are in order for American firms that are used to doing practically whatever they wanted with the data they collected.”
But where do disaster recovery and business continuity come in?
First, every business under GDPR will have an obligation to ensure that any organization it shares or stores its data with is fully compliant. That includes managed service providers and data centers. Even if you’re engaged in good practices within your own business, you could end up getting penalized for the bad practices of a business partner or hosting company.
Second, one area of GDPR that hasn’t received much attention concerns business resilience. Under GDPR, a business must ensure that its systems and services are as disaster-proofed as possible. A customer must always have access to their data and the services they’ve paid for.
At the end of the day, most of what’s required under GDPR is stuff businesses should be doing anyway. Proper data hygiene and resilience planning are a must in this day and age. If your business isn’t already seeing to both, this should serve as a long-needed wakeup call.
The good news is that if you’re hosting with Liberty Center One, our data center is fully certified, and our data practices are fully compliant with GDPR. That’ll be at least one thing off your mind as you prepare. The rest, however, is up to you.