So far, businesses have been using data centres in very different ways; from having all data processed by an organisation in an in-house data centre run by IT employees, to using any hybrid and public cloud solutions provided by either small developers or large companies. The thing in common is that most of the businesses currently use data centres mainly for storage and backup purposes.
The industry surrounding IT, data, Internet of Things (IoT) and cyber security is now rapidly evolving, to some extent thanks to the progress of AI as a means of understanding critical things more efficiently, and the impact that this is having on businesses.
In the new world, there is a necessity for this progress to merge with individuals’ rights to privacy and data protection, which is one of the reasons why the legislation on data protection is changing. We all now know that by May next year, businesses in the UK will be reached by the General Data Protection Regulation (GDPR) and hence by the implementation of new rights and obligations, which is causing a huge impact on the culture related to cybersecurity and the management of data centres.
Rocio de la Cruz, Principal Associate at Gowling WLG
It appears to be a good time to say goodbye to the way we currently understand the processing of personal data and to let the new era start. However, during this process, businesses are asking themselves what will happen with the current data centre’s structures, and how AI fits in this scenario.
We have witnessed discussions about whether or not it is better having an in-house, private data centre where security can be internally controlled, as opposed to migrating parts or all the information to data centres operated by other providers; particularly since most of the cloud service providers are redeploying their products to incorporate suitable functions to make GDPR compliance easier for all businesses.
AI is playing a relevant role here, particularly in the development of functionalities concerning accurate data matching and research to allow data controllers to comply on time with subject access, data portability and the right to be forgotten requests; as well as to comply with the accountability principle.
I do not believe that this is an end for data centres, but perhaps an end of how data centres are used nowadays. The main challenge here, in my opinion, will be for businesses to ascertain what suits them best. Businesses should start thinking about what they need to put in place to assure compliance with the data protection legislation. This is not an easy task if we take into account issues like the budget, current agreements with providers, pre-paid services already agreed, and responsibilities of the parties involved in a migration process. Organisations will need time to analyse their current structure and consider moving to a more modern IT scheme that allows them to improve their data processing obligations.
Content from our partners
What it seems to be clear is that when doing so, businesses will look at flexible, intelligent and automated solutions integrating mechanisms like data simple view (maintaining data segregation where necessary); centralised and linked actions able to be managed by relevant stakeholders; and research capable of locating information related to a particular individual and extract only the information required for each particular data subject right; as well as improving the resilience and disaster recovery utilities needed to implement an adequate level of security.
