Data protection legislation update
So, after a long wait the Second Circuit has ruled that the U.S. government is not able to apply search warrants to access data, emails and the like stored by service providers abroad, which is generally good news for U.S. based service providers. However, there is still quite a lot for organizations to concern themselves with when it comes to data protection.
Also in the news, the European Court of Justice finally reached an agreement last week on Privacy Shield (replacement for Safe Harbor) which is intended to provide a new framework for exchanges of personal data for commercial purposes between the United States. and the European Union. However, there could still be further legal challenges from certain member EU states claiming that Privacy Shield is not substantially different enough from Safe Harbor and therefore still does not meet adequate levels of data protection for their citizens.
Separately, we also have the EU’s General Data Protection Regulation (GDPR) where the clock is literally ticking. Many people seem to be under the misapprehension that GDPR only happens when we reach May 2018. The reality is GDPR has been with us since 24th May this year and is therefore something that businesses need to pay immediate attention to well ahead of May 2018 when the legislation comes into full force and when they could potentially face huge fines (up to 4% of global revenue or 20 million Euros, whichever is the greater). Secondly, a quick word on Brexit. Very many unknowns still surround the UK’s decision to leave the EU, but we can be pretty certain that it is unlikely to make the situation any easier… Big questions exist as to whether the UK’s current data protection laws will be deemed ‘adequate’ in the eyes of the EU and to what extent UK based companies selling into the EU will need to comply with GDPR?
Data Portability and Control over where your data is stored
For me one of the things that leaps out regarding the increase in data protection requirements is the growing importance that data portability plays in being able to consistently manage and control data and consequently adapt to any future changes in the law that may occur. For a number of years now, we at NetApp have been committed to the idea of helping customers to control data across a multiplicity of end-points, whether the data is stored in an on-premises data centre, in the cloud, or next to the cloud.
To that last point, storing data ‘next to the cloud’ could be a smart option for any organization, who either for reasons of regulation or concerns about the sensitivity of the data / information cannot store data in the public cloud. In simple terms, by using a solution that we call NetApp Private Storage it allows organizations to operate and store data using their own storage equipment, in a rack they own, housed in a highly secure collocated data centre. Just as an aside; I visited a colocation data centre in the UK yesterday and can report that it was certainly very secure indeed! At the colocation data centre, a very fast, low-latency data connection provides a link to one of the major public cloud providers such as AWS, Microsoft Azure, or IBM SoftLayer for the compute element.
In a nutshell, by adopting a NetApp Private Storage approach you get all the benefits and economics of the cloud for compute, but your data stays next to the cloud, rather than in it!
For more information on NetApp cloud solutions please visit: http://cloud.netapp.com/home
From the EMEA Product & Solutions Marketing team