Are you responsible for making critical changes within your company’s IT? Is your IT strategy supporting the Data Protection Officer (DPO)? Is your business focused on the cloud?
GDPR has been the topic of business conversation for months, and as of the 25th of May 2018, it is now in full force. So how is your organisation coping with the changes? Provided your company has always practised high levels of security and control over the data that it stores, the enforcement will have made little difference to the way you work. If your organisation stores large amounts of personal data, you may have noticed that there is now an appointed Data Protection Officer who is responsible for overseeing the data protection strategy and its implementation, to ensure the company stays compliant. The role is likely to include carrying out audits, monitoring the performance of data protection efforts and being the link between the company and GDPR Supervisory Authorities to prevent a damaging penalty, should a data breach occur.
However, did you know that Amazon Web Services, Microsoft Azure and Oracle Cloud all offer encryption capabilities for your data? In fact, the protection available in the cloud is often much better than running similar technology on premises. For example, Oracle’s Standard Edition Database running on-premises has no option for encryption, whereas in Oracle’s Cloud it is a standard feature. If we look at this from a back-up perspective, the data that has been encrypted in the cloud will then be backed up and stored by the cloud vendor, ensuring that even in the unlikely event of the data getting into the wrong hands, no information can be gleaned from the encrypted copy. This process, which would otherwise be the responsibility of the IT department and would require extra governance from the DPO, is now covered by your cloud provider. This not only adds another level of security, but could potentially save your business money, as the safe management of physical copies of data is an intrinsic part of the cloud infrastructure. As previously mentioned, the DPO will still have the responsibility of auditing the process to ensure it is as secure as it needs to be, but will rely on their cloud custodians for the safe storage of the information. It should also be recognised that recovery of archived information stored in the cloud is much faster than on premises.
Many businesses will agree that the cloud is the future. In fact, Gartner predicts that the public cloud market will increase by 21.4% in 2018*. Have you considered the benefits of cloud from a GDPR perspective? Is cloud something that your business has yet to consider in its IT strategy?
I hope I have given you some food for thought, and I am really interested in your take on the subject so please feel free to comment on my blog.