It’s finally May 2018, and for businesses around the world – not just those in Europe – this means compliance with the General Data Protection Regulation (GDPR) is top of mind more than ever before. Fines for non-compliance after the GDPR goes into effect on May 25th will be as high as €20 million (approx. $24 million USD) depending on the severity of the infringement. This should grab the attention of all service providers operating in the EU or dealing with EU customers.
The GDPR is a big leap forward from the European Data Protection Directive of 1995. Controllers and processors of personal data for residents of EU member nations will be under unprecedented pressure to make sure this data is not only secure, but also kept only for as long as required for its initial purpose. Controllers and processors will also be required to put technical and organizational measures in place that ensure appropriate levels of security for the data – through encryption, for example – as well as reporting mechanisms that not only help identify what personal data is stored on their servers, but also confirm the storage location, encryption, or deletion of the data when requested.
What Does This Mean for Service Providers?
Let’s consider an example that might make it seem less complicated: If ABC Hosting Company sells managed services to businesses and uses Communication Automation Company to email businesses on its behalf and tracks engagement activity, then regarding such email activity data, ABC Hosting Company is the data ‘controller’ and Communication Automation Company is the data ‘processor’.
IT infrastructure purchasing decisions will be very important to ensuring GDPR compliance, because the infrastructure that a service provider has in place will need to support the processes, organizational measures, and recording mechanisms required of controllers and processors to ensure that personal data for residents of EU member nations is protected in accordance with the law. Finding infrastructure that encrypts data, that scales as data management needs increase, and that maintains high performance to ensure customer satisfaction will be critical to these decisions.
What Options Do Service Providers Have?
Many infrastructure offerings on the market today are geared toward ensuring data privacy and security and enabling the companies that use them to streamline and automate related data management processes. Some of these offerings are also designed to enable ISO compliance. A few companies behind them also offer consulting, certification training, and GDPR compliance preparation services. Service providers should do their research to understand whether they need to spend a lot of money on new infrastructure, or if they can get substantially more out of the infrastructure they already have in place to address their unique GDPR compliance challenges.
Virtuozzo can help service providers make the right decisions for solving these challenges without overspending. Contact us to learn more.