Will GDPR Rule You or Will You Rule It?
By Jay Marwaha
As you probably know, any company that stores data on citizens of the European Union has to comply with a stringent set of data privacy rules called the General Data Protection Regulation (GDPR). GDPR applies in the UK and the 28 member states of the European Union.
Background on GDPR
Last updated in 1995, the new rules are expansive and detailed. And the penalty for non-compliance is steep – up to 4% of a company’s global annual turnover. Large companies with a European presence have been watching the development of the rule and are, by and large, trying to remain data compliant.
The question is particularly tricky when it comes to cloud providers. For instance, under GDPR a European individual can request that a company destroy all personal data it may hold about them. This includes all data stored with its cloud providers, and must be done within 30 days of the request. That means a company will have to devote significant effort to ensure that all its cloud providers can also comply within that timeframe.
In fact, ensuring that all data partners can comply with the rule is shaping up to be one of the biggest challenges of GDPR.
Companies are realizing that the [GDPR] rules don’t just apply to their organization, but also to the dozens of third-party vendors that have access to their data.
Steps to Take
The Cloud Industry Forum offers a number of suggestions for tackling this difficult task:
- Identify the location where the cloud app is storing the personal data
- Take measures to protect it
- Sign data processing agreements with all cloud partners
- Limit the data sent over the clouds as much as possible
- Restrict how cloud apps can use the personal data
- Ensure that the data can be erased once your partnership with the cloud application ends
According to a Netskope Cloud Report, a single European enterprise uses, on average, more than 600 business cloud providers. Imagine the headache of tracking all the data partners involved in processing your data. Therefore, it’s likely that many companies will terminate partnerships with cloud providers as a result of GDPR.
Benefits of Syntasa
Thankfully, there are other options for outsourcing data processing functions. At Syntasa, for instance, we will never take ownership of your data or hold it in our servers. Our software application sits within the enterprise architecture. No customer data ever leaves the enterprise database.
This means several things. First, if you are compliant, we are compliant. You will never have to ask us to erase anyone’s date of birth, credit card information or heart rate, simply because we won’t have access to it.
In addition, using a sophisticated algorithm, we can minimize the need for dozens of other cloud applications. Syntasa can also help with processing and locating the sensitive data, so that your company can be more efficient at complying with GDPR.
We use behavioral data analytics to enable companies to tailor their marketing campaigns and other customer interactions in real time. But we do this without stalking the user or asking for their sensitive data. We simply rely on the user’s online behavior to determine their preferences, comparing it with the behavior of thousands of anonymous users who were in their shoes in the past.
Wouldn’t you want to remove the extra work of ensuring your cloud providers are complying with GDPR? Why should you have to worry about activities outside the confines of your own organization?
Tweet at me or email me to share your thoughts about GDPR. If you require more information on how Syntasa can help with GDPR, please contact us at info@syntasa.com.