The General Data Protection Regulation, or GDPR, is a change in legislation that will hold massive implications for British and global businesses – and the consumers they work with. Although it doesn't come into force until 2018, businesses should act now to be ready in time. Firms that fail to comply risk fines that could be as hefty as €20 million (£17 million).
Looking at this time of transition for companies, could intelligent use of technology be the bridge to compliance and better data security, as well as business innovation?
Why it matters – now
GDPR is meant to protect the data of EU residents, and although May 2018 may feel far away, businesses shouldn't bury their heads in the sand. It will apply to a post-Brexit Britain trading in Europe, as well as companies around the world dealing with the data of EU citizens.
The data we're talking about here includes HR and consumer data, business contact information, website visitor data, and IT network traffic – in short, nearly every piece of information that a business touches in relation to employees or customers. As a result, businesses need to carry out a comprehensive assessment of their current practices well ahead of the deadline. They must ensure they have the right to collect data, permission to process it, and adequate policies to keep it secure for the correct amount of time.
Steps towards compliance
For many businesses, compliance and the steps towards it can feel overwhelming. But to date, much of the response to the GDPR has focused on IT infrastructure, which is manageable in smaller, bite-sized projects. Yet we know that a large percentage of businesses currently aren't prepared, and many organisations feel that there is a big grey area; 'the right to be forgotten', for example, falls within the GDPR legislation.
Security and hacking are another concern, with high-profile attacks continuing to dominate headlines. Recently, data breaches at big organisations have served as a reminder of the damage that attacks can cause. It's clear that organisations, regardless of size, are at risk.
The concerns surrounding GDPR can't be viewed in isolation; businesses – led by their IT departments – must view GDPR and its implications holistically. Business strategy will need to coincide with deploying technology to maintain compliance, as well as keep customers' data secure.
A time to change – and innovate
With companies needing to carry out a root-and-branch review, they currently have a choice. Should they improve their systems to comply and tick the boxes, or should they change to innovate? One would argue that being 'good enough' isn't actually good enough, as customers place so much emphasis on the security of their data. Firms should capitalise on the excellent opportunity to take stock of what they have on their networks, as well as the policies that govern them.
Enterprises are warming to the idea of the hybrid cloud as a solution that is secure, cost-effective and suitable for mobile workforces. The received wisdom used to be that businesses ran on on-premises clouds and used public clouds for application development. Now, we're seeing increased buy-in, with concerns around integration and performance allayed.
Things get more interesting from a GDPR perspective with object storage thrown into the mix. Using this type of architecture in a hybrid topology allows sensitive data sets to remain on-site. Meanwhile, the less important data can be archived to the public cloud. Regardless of where it sits, data can be managed using a set of tools and policies. Object storage also adds control of data between clouds, including public clouds such as AWS. There's also the benefit of auditability and reliable control and management functionality.
A hybrid cloud solution is advised for many organisations weighing up their infrastructure options, specifically ahead of GDPR. Ultimately, corporate reputation and financial implications are at stake, so businesses must take this matter seriously.
Ahead of this crucial legislation calling for enhanced security and accountability, it's a time to change and be prepared for compliance, but organisations can also use this time to innovate and drive a competitive advantage.
Contributed by Steve Lewis, CTO, HDS UK&I