For the tenth year running, the January 28 marks an important cornerstone in Europe’s calendar, celebrating Data Protection Day or Data Privacy Day, as it is known elsewhere across the globe.
Today, like each year past, marks the anniversary of the opening for signature of the Council of Europe’s Convention number 108, which calls for “the Protection of Individuals with regard to Automatic Processing of Personal Data”.
This convention seeks to regulate the flow of personal data across borders and provides guarantees in relation to the collection and processing of “sensitive” personal data. The Convention also enshrines the individual’s right to know where personal information is stored and, if needed, to have this corrected.
Today, Data Protection Day falls in the midst of much discussion and negotiation and may soon be superseded. In recent years, with the rise of Internet-based services, we’ve seen individuals’ personal data become increasingly accessible and difficult to remove. As a result, there is a general feeling that existing data protection regulations are ill-equipped to ethically process and safeguard our modern-day data footprint.
Uncertainty still lingers as we await a possible Safe Harbor 2.0, as well as pending changes to EU regulations later this year. Although the finer details of the regulation are yet to be ratified, the mooted changes include the need for organisations to rigorously evaluate the risks of any data handling and guard against the accidental loss of data. It will only be possible for organisations to process data if the individual concerned consents, or if the processing is strictly necessary. If a company employs more than 250 people, it will also be obliged to appoint a data protection officer in-house to ensure the lawful handling of data. In addition, individuals can request their data to be deleted under the “Right to be Forgotten” clause.
Businesses worldwide have now woken up to this uncertainly around pending rulings, and are starting to grasp the possible impact and reach of this. As businesses await the final decision, they can be sure of one thing: in future, data privacy compliance will be about a lot more than just providing security. For those unprepared for legislative changes, there is a hefty fine of 5 percent revenue to pay for non-compliance.
To remain compliant and avoid penalisation, enterprises must ensure that they have implemented an effective data management infrastructure. Whether data is stored on premise or with an external private or public cloud provider, organisations should assess and reassure both employees and customers that data is collected, processed, accessed, shared, stored, transferred and secured in accordance with all laws and regulations, and that data is only being used in pre-agreed, legitimate and lawful ways.
When businesses consider their future storage infrastructure and processes in place, they can assess whether there is the flexibility in place for data to be integrated, managed, replicated and moved across storage systems and cloud vendors. The benefit of this approach to data management is that service providers are able to pinpoint where any data is stored, move it easily, and also delete it if necessary. NetApp’s own clustered Data ONTAP storage operating environment is one such example, and can be used across cloud and on-premises infrastructure to create a Data Fabric that acts as a single system, meaning that data is more easily managed and controlled, thereby making compliance simpler for cloud providers and the companies deploying them.
There’s no doubt that this year’s Data Protection Day serves as a timely reminder for organisations about the importance of correctly handling and safeguarding individuals’ personal data. It also highlights the uncertainty around how these regulations may change and develop in the coming months, as decisions are reached to align future legislation with our modern data footprint. Retaining full control over the data plus the flexibility to adapt to future developments in the law are critical for companies as they capitalise on the opportunities of modern IT.
How much do you know about data privacy? Try our quiz to find out!
Seemingly accidental leak reveals Google is developing Jarvis AI extension that can browse the web…
Amazon is reportedly in talks to pump billions of dollars more into AI start-up Anthropic,…
Star witness for the US prosecution of FTX founder Sam Bankman-Fried, has begun her two…
After axing 31 percent of its workforce when it failed to be acquired by Amazon,…
Mozilla Foundation axes 30 percent of its staff, and is eliminating its Advocacy Division that…
Improving security. Mandatory multi-factor authentication (MFA) is coming to the Google Cloud by the end…