How do you store your data?
It’s a simple and necessary question for every entrepreneur, and raising it is the need of the hour, because your associates, employees and clients can’t bear a data loss. A small mistake can lead to a massive loss. It usually happens when you migrate data from a server to other devices.
You can’t close your eyes to avoid this hot potato. At present, IaaS (Infrastructure as a Service), SaaS (Software as a Service) and PaaS (Platform as a Service) are the norm for managing data. Each of these cloud computing models delivers a specific service (infrastructure, software or a platform) over the internet. That simply means global traders have more business opportunities to scale up. A report by Forrester put a figure on public cloud users: it states that they rose to 57% in 2017 from 39% in 2016. IT infrastructure shows a remarkable growth rate as well, from 16% to 21% over the cloud.
Almost every IT consulting firm recommends the public cloud, such as Amazon Web Services, Google Cloud and Microsoft’s Azure, for its economic value. Its pay-as-you-go feature is just lovable. You get multiple services pooled together, such as server hosting, storage, webmail and online office applications. Calling it value for your hard-earned money is absolutely correct.
Forrester’s survey identified Australia, India, Brazil, China, France, Germany, New Zealand, the UK and the US as its big clients. Around 3,923 firms from these countries are harnessing the cloud network. But the implementation of the General Data Protection Regulation (GDPR) has compelled them to take a U-turn. They have started shifting a particular part of their public cloud data (but not all of it).
What led to this change of thought?
It’s all in the GDPR directives.
What is GDPR?
It’s a regulation that safeguards the data subjects’ right to privacy. It takes a strict line on questions such as how businesses and public sector bodies handle the information of the data subjects. Its implementation makes individuals proactive: they’ll have more control over their information.
Earlier, there was the 1995 data protection directive, but it failed to keep pace with advancing technology. As a result, data subjects’ sensitive information, such as debit or credit card details, was compromised. The Cambridge Analytica case, the Uber data loss and many other uncovered data scams show its cruel face.
Consequently, the European Union finally completed its revamp of the outdated data directives. The decision had been pending since 2016. It is now effective from May 25, 2018.
Who is going to be affected by this data policy?
The GDPR is meant for firms that control and process data. It covers both personal and sensitive data.
1. Personal Data: It comprises a complex set of information from which someone can be identified, for example IP address, geolocation, name and gender.
2. Sensitive Data: A prime example is the psychographic profiling by Cambridge Analytica (CA). It covers genetic data and information about religion, political views, sexual orientation, etc.
If you look closely at the entire policy, you’ll find the data subjects at its core. They can be you or anyone. Harnessing data is no crime. But if you mine data while disregarding the consent of its subject, it’s a crime. It is the subject who suffers when his data is in your hands.
What do IT consultants recommend to comply with the GDPR?
- Access to the data that a company holds about data subjects should be easier.
- Organisations have an explicit responsibility to get the consent of the data subjects.
- Firms covered by the GDPR would be accountable for handling, processing and assessing personal information with great care.
- A data breach and its adverse impact should be reported to the ICO within 72 hours. This clause is an outcome of the gruesome abuse of data from LinkedIn, Yahoo, Twitter and MySpace accounts.
- Data subjects must be informed about the breach.
- A firm with more than 250 employees must publicly state the purpose behind its collection of personal data. It should also state how the data is likely to be processed and kept secure.
- Those who hold a massive data pool and use that data for processing should appoint a Data Protection Officer (DPO). The DPO would report to a senior member of staff and would monitor whether or not the data is kept and processed in compliance with these directives.
- The data collector or processor must cite the reason for collecting data.
- If an individual wants to erase his data, he can, even if he gave his approval earlier. He can withdraw his consent at any point.
What penalty would be slapped on a firm that violates the new data directives?
If any of these norms is violated, a penalty will be imposed.
- If it’s a marginal violation, a fine of at least 10 million euros will be imposed. Instead of that amount, the offending firm might have to pay 2 percent of its turnover (whichever is greater).
- For a big data loss or abuse, the firm can be slapped with a fine of 20 million euros or 4 percent of its annual turnover (whichever is greater).
- The ICO can impose a fine of 500,000 euros.
The GDPR deadline:
These directives have had a radical impact. But businesses and corporations would have an interval of two years to bring their systems into compliance with this policy. The GDPR plan for PaaS would surely differ from the one for SaaS. What’s on paper might not be practically possible. Tenancy, certainty of compliance and its implementation would perhaps be pivotal. Many firms might be unable to comply with it fully.
The UK commissioner has stated that she won’t impose penalties on firms that don’t seem to deserve them. On the contrary, she will try to help those who have taken steps to put these directives in place.
In a nutshell, the best IT consulting firms base their advice on this policy. While you shift data, it would help you stay in line with what is legal.