As we head into next year businesses will need to rigorously prepare for General Data Protection Regulation (GDPR). With the fear of facing fines as heavy as 4% of their global annual revenue, data privacy and protection will be at the forefront of every CIO’s agenda. But how can companies prepare for one of the biggest data legislative changes in over 20 years, without hindering productivity and collaboration? Before businesses can start to prepare for GDPR, it’s important to understand the aims of the new legislation and how they can comply.
What is GDPR and what does this mean for the technology industry?
Organisations continuously store and retain customer information. This data is invaluable to the business and is often used to gain insight into customer behaviour and trends. GDPR aims to create more transparency for consumers so they can find out how their data is being used and where it is stored. GDPR will replace the EU data protection directive and will hold organisations responsible for any personal data they retain making it imperative that companies are storing this information within a secure environment.
Once the new legislation comes into place all major data breaches will need to be reported within 72 hours, companies with significant amounts of data will have to employ a data protection officer, and there will be restrictions imposed on the transfer of data. The technology industry has a huge part to play; organisations need to ensure they can continue to leverage the benefits of today’s digital age such as cloud computing whilst still complying with the new regulations.
Data protection and locality – combating the threat of the public cloud
The use of cloud computing within the workplace is growing, not only do companies enjoy more capacity but the cloud offers greater productivity and flexibility. Gartner recently predicted that within the next five years the shift towards the cloud will affect more than $1 trillion in IT spending. The cloud is an essential tool when it comes to remote working and has enabled a connected workforce. In the past decade we have seen more employees working remotely, bringing their own devices into the workplace and sharing files across the cloud in order to create a more productive and collaborative workforce. Businesses are under extreme pressure to be always connected and to have access to relevant and accurate information, wherever they may be.
Through an on-premises private cloud, organisations can ensure they maintain full control over any customer data, whist still enjoying the flexibility and ease of use the cloud promises. If businesses are storing or sharing customer data in the public cloud, they will have no control over privacy and locality. In addition, data stored on the public cloud can be difficult and costly to transfer. IT departments need to rethink their file sync and share strategies as they head into 2017 to ensure they can meet the requirements of GDPR. There are enterprise file sync and share platforms available designed to work within the company’s own firewall, giving corporate IT full control over the data whilst simultaneously providing users with the flexible remote access needed.
In addition to bringing remote access back under corporate control, businesses need to ensure they can safeguard data from a ransomware attack. With all major data breaches needing to be reported within 72 hours, organisations need to be prepared as their reputation will be on the line.
Security is already a top concern for today’s CIOs and many organistions have taken the initial steps and have a defensive strategy in place, usually in the form of an anti-virus. But employees often share data through the cloud or across email and once it has left the company’s firewall it can be vulnerable. As we have seen over the past few years the public cloud has suffered several data breaches, but organisations can combat this through storage platforms that provide on-premises storage with cloud functionalities.
Ensuring data is safeguarded within the company is one step but organisations need to move beyond this and ensure they can provide data protection whilst sharing files or working remotely. In addition to any protective pre-attack measures businesses put in place, forward-thinking companies will also invest in an archive storage solution for post-attack measures such as data recovery and business continuity.
Preparing for GDPR
As we head into 2017 organisations need to start preparing and reevaluating their storage, archive and enterprise file sync and share strategies. Preparing for GDPR does not mean businesses can no longer enjoy the benefits of a connected and more collaborative workforce. Organisations should look at deploying an on-premises solution that provides secure file sync and share capabilities, through a private cloud.
Image Credit: Shutterstock / Wright Studio