The General Data Protection Regulation (GDPR) harmonizes the rules for the processing of personal data by private companies and public authorities throughout the EU. This forces many organizations to rethink their cloud strategy.
Without cloud services, many companies would now come to a standstill, whether in the financial industry, in the healthcare sector, or in public administration. One of the important questions often asked by the IT managers of these companies concerns data protection and data security. What happens to my business-critical data and services in an emergency? How fast are they restored? And who guarantees me sufficient security?
There will also be numerous additional regulatory requirements. In May 2018 at the latest, all companies active in the European Economic Area should expect some more regulation: the General Data Protection Regulation (GDPR) of the European Union, adopted in April 2016, will impose a set of rules for the processing of personal data by private companies and public bodies throughout the EU.
It may seem as if there is still plenty of time before 2018, but the number of IT implementations and the complexity of the IT networks and data storage that companies have built up over time can actually limit the time available for implementation. And please take note: hardly anyone will be unaffected by the GDPR, because it applies to all companies and organizations that offer goods or services to persons based in the EU, regardless of the place of operation.
Therefore, it is worth knowing right now what the many new provisions of the General Data Protection Regulation mean in detail:
Data protection by design and by default
Data Protection Impact Assessment
Compulsory notification of data
Apart from these technical details, the GDPR also forces many organizations that use cloud services to act. It obliges companies not to store or transfer personal data in countries outside the European Economic Area if those countries do not have at least as high a level of protection as the EU has. These requirements cannot be fulfilled in such a short time, especially by many large cloud providers, since they usually store and process data from European customers outside the EU - often without the customers' knowledge. The list of countries that meet European privacy standards is also very short. Just 11 countries are on it - and the USA, where nearly 70 percent of global cloud providers have their headquarters, is not among them.
Especially for customers of US cloud providers, there is a need for action due to the new regulations. A 100 percent European provider offers more security here in meeting the requirements of the future.
We at Safe Swiss Cloud are adamant that a regulation such as the General Data Protection Regulation is not just a call for action in order not to have to pay high fines - it is also a great opportunity. Companies should recognize that privacy, security, and compliance with the highest standards are highly important brand differentiators. And that is where we would like to accompany our customers.