Companies that use a data center as the foundation for their housing services have their own equipment there. With this equipment, they begin processing data, which could even be personal and would then need to comply with the GDPR. Equipment malfunctions may create waste that can also be personal, so where does the lifecycle end?
Under PCI DSS, the entire lifecycle of handling financial transactions is managed through a PCI DSS certificate, or a chain of PCI DSS certificates that covers all of the third parties involved. Under the GDPR, however, the chain of data handling is established through processor agreements. At a data center, the data lifecycle begins with bringing in clean hardware (or hardware that has already been used, installed or configured) and connectivity, followed by the data processing performed by the software. At the beginning of the lifecycle, the integrity and confidentiality of the data are the responsibility of the controller, who performs a list of activities when obtaining data. During data transmission, a data center supports this phase by securing physical access to the network and arranging physical security for the rack.
In the middle of the cycle, the data is processed (obtained, stored, altered, structured, etc.). At this stage too, the controller of the services and the connectivity supplier play a crucial role in maintaining the integrity and confidentiality of the data. Apart from physical security, a data center plays a crucial role in supporting the data lifecycle. Examples of risks to the availability of data are a power failure or a fire. Also, when data gets lost, you might need to warn your contacts and manage your reputation. The data center supports you by hosting your servers and implementing the solutions needed to minimize risks to data availability. This is how the combined security measures of the data controller/processor and the data center play a crucial role in maintaining the entire security framework of your data.
Towards the end of the cycle, data needs to be destroyed, archived, etc. The controller/processor is solely responsible for this part of the data lifecycle. Even though the controller or processor destroys the data at this stage (by purging, clearing, degaussing, etc.), the physical storage remains intact. Your data carriers can be disposed of along with the regular waste, but it is strongly advised to dispose of them separately and through a certified process, to minimize the risks that arise from a combination of multiple safeguard issues. Data centers sometimes support the disposal of confidential waste. In such a case, the procedures and the certificate for waste pickup should be requested; in addition, destruction of data carriers can be part of the PCI DSS certificate.
Even though a data center is more of a third party that doesn’t interact with your data, it still plays a crucial role in the total security framework, covering the entire data lifecycle. It would probably not count as a data processor and a measure for data protection under the GDPR. However, it plays a vital role in every phase of data processing. The combination of “security by design” in the physical equipment (for data transmission and rack access) and the continued provision helps to cover the full framework for data protection.
Article by Jouke Albeda, Security & Compliance Manager