GDPR Compliance May Be About To Become Even Harder
Posted on Thursday, April 19, 2018
The General Data Protection Regulation has created several headaches for CTOs across the globe. One of the most significant (and often overlooked) has been the right for EU citizens to access the personal data your business stores.
Under GDPR, clients must be provided with a copy of their data within a reasonable timeframe – thought to be around 30 days.
Fighting crime in near-real time
This 30-day window is considered far too long for the purposes of fighting crime, however. As a result, the European Commission is proposing a new “European Production Order” to assist police across the EU.
Under the terms of the production order, national crime agencies will be able to lodge a data access request with any organisation offering services in the European Union. The current proposals suggest that under certain circumstances, any business served with these orders will need to provide the requested data within six hours- even if the data is stored on systems outside the European Union.
The EU has not yet released any details of the proposed punishments for failing to meet the deadline, but they are likely to be extremely punitive given the fines associated with GDPR breaches.
Get your data stores in order now
This six-hour window is to be reserved for “emergencies,” most likely in the aftermath of an extremely serious incident like a terrorist attack. There will also be a secondary ten-day period allocated for less serious crimes. Ultimately, production orders will only be issued for crimes that carry a three-year or greater prison sentence.
Most service providers are unlikely to know whether their clients are committing serious crimes, so they will need to prepare their systems under the assumption that one might. Your GDPR preparations will have laid some of the groundwork for the new orders by identifying personal data, where it is stored and how it is retrieved.
Unfortunately, your business will now need to investigate how to speed up data retrieval. This may mean finally replacing cold storage tape arrays with faster, always-on disks to simplify the process.
The EU is notoriously unforgiving to non-compliant businesses, so it makes sense to begin work on this issue even before the production orders are passed into law. Any speculative preparatory work will not be wasted either; the USA’s new Cloud Act makes similar demands on companies to produce specific data very quickly.
For more help and advice on how to replace aging tape archives with your existing post-warranty hard disk arrays to speed up cold storage retrieval, please contact us.
How to Use Third-Party Storage Maintenance to Win Friends on the Board
Third-party storage maintenance offers several benefits. Take advantage of those benefits, and you’ll win friends on the board.
Why Local Storage Will Never Truly Die
The Cloud is set to replace most on-site data stores – but a few will always remain.