Think You Dodged the GDPR Bullet? Think Again

brightly lit cord with small lights bouncing off of it

Posted on Wednesday, October 3, 2018

The introduction of the General Data Protection Regulation (GDPR) caused a seismic shock through any business dealing with EU citizens. Not only did Europe-based individuals regain greater control over how their personal information is used, but organisations are now expected to better manage how that data is stored, processed and deleted.

For US-based organisations operating solely in the domestic market, GDPR is irrelevant. But the way in which these organisations handle information is still going to have to change.

California sets a new precedent for consumer privacy

Concerns about how e-commerce companies use personal data has led to a new Data Privacy Law being enacted in California. Under the new legislation, consumers will find it easier to sue businesses that lose their personal data as a result of a security breach, for instance.

Of greater long-term concern, however, is a new provision for controlling personal data. From January 2020 (when the new law comes into effect), individuals will have the right to demand that their personal data is deleted from a company’s systems.

Like GDPR’s right to erasure, California residents can ask and expect that every trace of their personal data is removed from a company’s records. And like GDPR, that right extends to every scrap of personal information– including information held in cold storage, like magnetic backup tapes.

Time to act

Fourteen months may sound like plenty of time to prepare for the new legislation, but there’s a lot of work to be done between now and then. Your business will need to audit all of its data assets so you know where personal data is being held for a start. Without that knowledge, you will be unable to fulfil deletion requests.

You will also need to ensure that any legacy systems used to store personal data are fully operational. This may mean bringing older hardware out of retirement by partnering with a third-party storage maintenance provider like CDS to keep legacy systems running beyond the OEM’s official end-of-service-life date.

Either way, doing nothing is not an option.

To learn more about preparing for the new Californian legislation or maintaining your legacy cold storage systems, please get in touch.

Download article
as a PDF - Think You Dodged the GDPR Bullet? Think Again

More Articles

Circuit board animating around a server tower

DevOps Doesn’t Mean New Hardware

The agile, fail-fast DevOps methodology needs super-fast storage. Or does it?

Legacy Support text animating

Legacy Hardware Support Just Became a Strategic Necessity

When Intel withdraws support for 16-bit BIOS, third-party support will become indispensable.