How is GDPR abused for profit sake?

It is essential to keep personal data safe and secure. Some companies, however, are acting unprofessionally by abusing GDPR and offering compliance for sale. This raises the question of whether GDPR really requires special software, investments, hardware, and suppliers. Are data centers that offer GDPR compliance providing a feasible solution, or are they using GDPR as a marketing tool?

The General Data Protection Regulation, popularly known as GDPR, is a hot topic of discussion at events and gatherings in every firm. Consultants and every other player have a significant role in supporting the execution of GDPR. Your preferred data center can play a major part in compliance, and other SaaS products have their own responsibilities in being GDPR-compliant. You might be wondering whether this is a big deal and what the possible solutions are.
Is your choice of supplier the perfect solution, or might you have to choose your own lane?

Relax and determine the impact

What is the significance of GDPR to your business objectives? Do you need to be scared of the costs that the changes will bring to your company? Start by looking at the personal information your company uses and requires. You may have to determine whether it is the human resources department or the sales department that needs to store data. If you are not a cloud provider storing a lot of your clients’ personal data, or a company with a marketing environment storing all kinds of client-related data, you are probably able to manage compliance on time.

Once you understand what information you require, determine the amount of personal data held in your company. You need a spreadsheet, a piece of paper, and time. If your company holds an immense amount of personal data from various sources, it can be a massive project. If you find that the human resources department is the only team that holds essential information because of laws and regulations, a spreadsheet can be sufficient to be compliant. Read the stipulations and rules carefully, make sure you understand their content thoroughly, and identify how they impact your business.

Assess the risks and determine appropriate measures

GDPR does not necessarily require sophisticated security measures such as PCI-DSS or ISO standards. Nevertheless, a standard such as PCI-DSS or an ISO standard like ISO 27001 can provide support and help ensure your compliance. You may not need the services of consultants or special software, as the choice of GDPR measures depends on the data you require. It is crucial to select the necessary measures carefully. Do not buy products based on advertisements and bogus promises.

Determine the impact on suppliers

All suppliers that process personal data on behalf of the controller need to be included in your GDPR project. If you have a SaaS product that stores personal data, the supplier must be considered in your GDPR project. If you are solely responsible for operations such as ‘collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction’ (http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf), you probably do not have a supplier that needs to be included in your GDPR project. For example, your data may be physically stored in a data center, which may be considered a processor under article 83 of the GDPR. Your risk assessment can also conclude that the data center poses no risk of ‘accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed’ (http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf) because other measures were taken. It is not the data center, cloud provider and/or other suppliers that lead in GDPR. Your company leads, and your company decides which security measures will be taken to comply.

Maintain the overview of processing personal data

Still think you need to be afraid of the project and that you need to invest heavily? The point of GDPR is to have an overview of all personal data processed, to be able to show the risk assessment on personal data and take appropriate measures, and to be able to provide individuals, when requested, with a list of the processing actions that concern them.

All you need is time and knowledge of information processed by your company. Do not let your supplier lead you to compliance. It is not the data center that can be compliant for you. It is your company that needs to comply with the GDPR. Make sure you first identify the impact on your business, and maybe it is not as difficult as it seems.

 

Although we will not be your total GDPR solution, if we can contribute to the measures you want to take to secure your data, do not hesitate to contact our Compliance and Security team to discuss the possibilities.

 

Blog by Jouke Albeda, Security & Compliance Manager

 
