EU Raises Stakes Around Data Privacy Compliance in the Cloud
With the European Union poised to enact new legislation on data privacy and data protection, compliance will become a major consideration for companies evaluating cloud services and a key differentiator for cloud providers. That includes U.S. companies: the regulation is written to reach any organization that processes the personal data of EU residents, wherever that organization is based.
On the upside, the forthcoming General Data Protection Regulation (GDPR) will simplify compliance for cloud providers and their customers by providing a single law governing data protection for the whole of the EU. A regulation applies directly in every member state, whereas the existing 1995 Data Protection Directive (95/46/EC) had to be transposed into national law by each country, with divergent results. The down side is the size of the penalties: the draft text under discussion raises the maximum administrative fine to 100 million Euros for a company found to have negligently breached privacy or lost personal data. (The exact ceiling may still change before the final text is adopted, so treat the figure as the order of magnitude rather than the last word.)
In a recently published white paper, AIIM, the global organization for information management professionals, said the landmark legislation could be a game changer for organizations using cloud providers for storage of personal data. Mike Davis, the author of the AIIM report, said organizations should evaluate their cloud backup strategies to ensure providers are compliant with the new directives.
The GDPR, the first significant change to European data privacy law since 1995, is likely to pass before the end of this year, and organizations will be given two years to reach compliance.
In the interim, AIIM advises organizations to prepare for the changes by establishing which of the personal data they collect originates from EU data subjects and where it is stored and processed, by staying on top of proposed changes to the legislation, and by aligning with cloud providers that are taking steps to remain in compliance. Under both the current directive and the GDPR the customer, as data controller, remains accountable for processing that a provider performs on its behalf, so it needs evidence of the provider's controls rather than assurances.
Specifically, cloud providers must apply defensible, auditable standards of security protection for personal data. For example, cloud provider Zetta's backup and disaster recovery service encrypts data both in flight and at rest. Zetta also operates data centers that are audited against SSAE 16 for both internal and external processes, and the service is HIPAA and ITAR compliant. Customers of a provider that adheres to such standards benefit from a rigid change control process, stronger security, and a backup methodology built on established best practices. When evaluating any provider, check what the audit report actually covers (an SSAE 16 attestation describes the controls an auditor examined, not a blanket security certification), who holds the encryption keys for data at rest, and whether the contract spells out the provider's obligations as a data processor.
The GDPR is just one of many data protection and privacy regulations and directives with serious ramifications for business. Take the time to examine the requirements that apply to your data and determine how your cloud provider stacks up against them. With proper planning and due diligence, companies can avoid exposure to unnecessary financial and legal risk.