The European Union (EU) adopted a new law in 2016. It affects every company with customers residing in the EU. It comes into force on 25th May 2018, which is just over a week away. It is called the General Data Protection Regulation, or GDPR for short. But what does it mean, and should companies be worried?
Firstly, it addresses a number of key areas around the privacy of data belonging to EU citizens, in relation to the storage, processing and handling of personal data. Personal data includes data that can identify the individual directly. This can include the following:
I've simplified and summarised the key points of the GDPR legislation below:
The overall effect is to provide improved protection for EU citizens and to unify the laws across the EU. This puts the onus on businesses, including cloud providers, to ensure that data is processed fairly and in accordance with the law. There are a number of sanctions that can be enforced, depending on the nature of the breach:
So what should companies do? Firstly, they need to seek legal advice from an expert in European Union law to understand the potential impacts and next steps. The next step is to perform an audit of their business processes and of how they store data, to understand their current state. Then they need to analyse the law with their legal expert, interpret it and create a series of overarching requirements. These requirements then need to be solidified into a series of solutions.
Here is a great example of how market-leading SaaS cloud provider Xero is approaching its GDPR obligations in relation to its financial accounting package:
It's so important in all this work to ensure that the IT, security, legal and business departments are all working together closely to work through the issues and implement the solutions.
Want to know more about how you can secure your data and ensure you are following the latest best practices? Consider taking a Certified Cloud Security Professional certification, leading to an ISC2 examination. I'd be glad to coach you through your questions and help expand your knowledge of all things security:
Paul Colmer is a digital coach for ALC training and consulting, with a real passion for learning and applying disruptive technologies. Paul has responsibility for building and delivering ALC's digital architecture strategy and the development and execution of a number of cloud courses, including Cloud Security (CCSP), Amazon AWS, DevOps, Microsoft Azure and Office 365.