Is there a term that strikes fear into business leaders eyes as much as GDPR, or to give it its full pronunciation, General Data Protection Regulation?
Since its introduction in 2012 it’s become ever-present in news headlines as companies struggle to understand the implications of the legislation.
There’s still an alarming amount of uncertainty among businesses over what they need to do, and with a year to go, now seems like an opportune time to discuss what the upcoming legislation will mean for UK business, alongside the challenges and opportunities it brings.
This is going to be the end of tape as you know it
Could the introduction of GDPR be the straw that breaks the camel’s back for tape backup? Businesses that have historically used tape to protect data makes it almost impossible (or at least very expensive) to fulfil any Service Access Request – whereby individual citizens have a legal right to request from the data controller what personal data is held by them.
The second and even more complicated consideration is the right to be forgotten. With data on tape a legitimate request to have data erased must be performed or risk the penalties that can be imposed. The problem with tape is that data does not exist in the same way as it does on disk, you can’t delete a file from a tape you can only wipe the entire tape.
This is further complicated when you consider the speed at which it takes to identify what data sits on which tapes. While you could restore the tape drives and then systematically retrieve or delete the relevant data, the strain this would place on already overburdened IT departments makes it almost impossible to comprehend within the month timescale set out by the GDPR.
Unstructured data will be the enemy
Much of the current focus on data governance relates to security concerns, but managing unstructured data also presents a potential competitive advantage for businesses.
Unstructured data is everywhere; emails, spreadsheets, videos, text documents, images and web pages are all unstructured data. When organised and analysed methodically, the information from unstructured data can help provide valuable insights. Data from social media networks and web logs can help organisations collect and understand consumer information.
One of the biggest hurdles with unstructured data is the element of the unknown. The notion of trying to organise mountains of unstructured data can be daunting and security concerns are always looming. Organisations need to methodically plan ways to meaningfully capture and share their knowledge. Whether that’s hospitals collecting data on patient illnesses to banks monitoring customer interactions, industries up and down the UK face the daunting challenge of ensuring any unstructured data that contains personal information can be retrieved and, if required, erased.
Moving to a data centre might be the only way
Digital data was only just beginning to be a big deal when the European Commission (EC) produced its first Data Protection Directive in 1995. Two decades later, the zettabyte era is almost here and stored data volumes are growing four times faster than the global economy.
In the face of such rapid development, the EC’s decision to create a General Data Protection Regulation (GDPR) is not a revolution or a surprise, but a necessary upgrade. With the introduction of GDPR, if your company plans to transfer data within the EU, you have to design a storage solution, whether in-house, in the cloud or a hybrid, that is both easy to access and easy to manage, and that has privacy and protection designed into its foundation.
With this considered a lot of organisations might find it actually could be a simpler, less-expensive route to look at a cloud or hybrid solution. In many cases, going to a cloud solution could improve security while reducing costs and risk.
An opportunity to digitally transform
While the forthcoming mandate has often sought to scare organisations to become compliant, forward looking businesses can use the upcoming deadlines to use this as an opportunity to improve the way data is handled within the organisation.
The threat of fines of up to 4% of annual worldwide turnover or €20million means data protection will need to be taken more seriously. While much of the attention has been focused on the new antitrust-type sanction regime, customers, employees and other stakeholders will expect a lot more in a post-regulation world.
Although the laws of GDPR come from the EU, businesses across the world will almost certainly apply it to their own strategy. In a digital-first era where the notion of customer loyalty has become practically eroded, can organisations afford to be playing catch up?
With less than a year to go, those organisations that can become compliant will find themselves operating a significantly leaner, more competitive organisation to their counterparts that aren’t.
While the technology solutions exist to support businesses on this journey, organisations need to use GDPR as an opportunity to change data protection into their strategy, structure and company culture. Then they’ll start to see significant gains from the regulation, rather than sinking fear into their eyes.