April 10th, 2018

GDPR & Your Company’s Data: The IT Take

Securing personal data has become a major topic of concern — all you have to do is take a quick look at the news or your favorite social media feed to see the gravity of the challenge, and the repercussions of failing to meet it. This concern is valid, and it’s bound to stick around as data security becomes increasingly tough to accomplish. To help make sense of it all and provide firm guidelines, data security legislation is naturally rearing its head.

That brings us to this: the European Union (EU) introduced the General Data Protection Regulation (GPDR) in 2016, and it took effect on May 25, 2018. Though this isn’t a new topic of conversation, it’s definitely one that’s been making headlines given the recent deadline for compliance. (By the way, many organizations are still scrambling to ensure compliance, so don’t feel alone if you didn’t quite make the cut-off date.) The four letters alone have the tendency to send chills down the spine of anyone who performs business transactions online; many fear that this new regulation will not only disrupt their business operations, but also present the risk of hefty fines if not handled correctly.

With the right expertise and strategy, however, it doesn’t need to be thought of as a burden, but rather an opportunity to optimize data privacy and security related processes.

In Case You Haven’t Heard…

Here’s a quick refresher on GDPR and what it means for your business. The nearly 300-page regulation aims to strengthen data protection efforts for all EU residents by reshaping the way their personal data is collected, processed and retained.

So, how does this affect you? For starters, let’s get the bad news out of the way. The penalties for GDPR noncompliance can be quite severe – fines up to €20 million or four percent of your total worldwide revenue from the previous year – which means it’s best to equip your organization with a winning GDPR compliance strategy.

It’s also easy to assume that just because your company doesn’t have a physical or significant presence in the EU, the GDPR compliance doesn’t apply to you. There is still a question on this. The EU does take the stand that any interaction your business has with EU customer data (this includes website data) brings your company under its jurisdiction. U.S. lawyers and companies are questioning this long reach jurisdiction. It is advisable that you seek your own legal counsel to assist in answering this question best for your organization.

GDPR & Data Centers

That said, there is no doubt that GDPR will affect organizations across all industries, but we’re particularly interested here in what it means for the data center industry. Ultimately, organizations will need to take stock of where their data is stored and ensure that it’s accessible to only those with a business need. This is no different than any other industry standard security or privacy requirement. Consumers trust enterprises to protect their privacy, and in turn, organizations rely on third parties to help keep them GDPR compliant. In fact, we’re already seeing enterprises make decisions on where to colocate or build data centers based on GDPR compliance.

Now What?

DataBank’s team of security and compliance experts can help. Since DataBank is a company that houses a large amount of mission-critical information and applications, we rely heavily on our trusted team to ensure maximum uptime availability, data back-ups and in this case, adherence to GDPR regulations. Our full-time, certified CISO, Mark Houpt, and routinely audited data centers also put minds at ease. Our facilities are SSAE-18 SOC 2, PCI-DSS, HIPAA and Privacy Shield compliant.

At DataBank, we understand what GDPR and the complex field of regulations mean for your business. Together, with the help of DataBank’s compliance experts, let’s develop a plan for addressing your business’s IT needs while becoming compliant across the board.

Contact our team today to learn more.