How is GDPR abused for profit's sake?

It is essential to keep personal data safe and secure. It has been observed that some companies act unprofessionally by abusing GDPR and offering it for sale. This raises the question of whether GDPR requires things like special software, investments, hardware, and suppliers. Is a data center that offers GDPR compliance providing a feasible solution, or is it using GDPR as a marketing tool?

The General Data Protection Regulation, popularly known as GDPR, is a hot topic for discussion at events and hangouts of every firm. It is important for consultants and every other player to play a significant role by supporting the execution of GDPR. Your preferred data center can play a major part in compliance, and other SaaS products have their own responsibilities in being GDPR-compliant. You might be wondering whether this is a big deal and what the possible solutions are. Is your choice of supplier the perfect solution, or might you have to choose your own lane?

Relax and determine the impact

What is the significance of GDPR to your business objectives? Is there any need for you to be scared of the costs that the changes will bring to your brand? It is imperative to start by observing the personal information your company uses and requires. You may have to determine whether it is the human resources department or the sales department that needs to store data. If you are not a cloud provider storing a lot of your clients’ personal data, or a company with a marketing environment storing all kinds of client-related data, you are probably able to manage compliance on time.

After understanding which information you require, you must determine the amount of personal data available in your company. You need a spreadsheet, a piece of paper, and time. If your brand has an immense amount of personal data from various sources, it can be a massive project. If you notice that the human resources department is the only team that stores essential information due to laws and regulations, a spreadsheet can be sufficient to be compliant. You are advised to read the stipulations and rules carefully, gain a thorough understanding of their content, and identify how they impact your business.

Assess the risks and determine appropriate measures

GDPR does not necessarily require sophisticated security measures such as those of PCI-DSS or ISO standards. Nevertheless, PCI-DSS or ISO standards like ISO 27001 are excellent examples that can provide support and ensure your compliance. You may not need the services of consultants or special software, as the choice of GDPR measures depends on the data you require. It is crucial to select the necessary measures carefully. Do not buy products based on advertisements and bogus promises.

Determine the impact on suppliers

All suppliers that process personal data on behalf of the controller need to be included in your GDPR project. If you have a SaaS product that stores personal data, the supplier must be considered in your GDPR project. If you are solely responsible for operations such as ‘collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction’ (http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf), you probably do not have a supplier that needs to be included in your GDPR project. For example, your data is physically stored in a data center, which may be considered a processor due to article 83 of the GDPR. Your risk assessment can also conclude that the data center poses no risk of ‘accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed’ (http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf) because other measures were taken. It is not the data center, cloud provider, and/or other suppliers that lead in GDPR; your company leads, and your company decides which security measures will be taken to comply.

Maintain the overview of processing personal data

Still think you need to be afraid of the project and that you need to invest heavily? The importance of GDPR lies in having an overview of all personal data processed, being able to show the risk assessment on personal data and take appropriate measures, and being able to extract a list of the processing actions for individuals when requested.

All you need is time and knowledge of the information processed by your company. Do not let your supplier lead you to compliance. It is not the data center that can be compliant for you. It is your company that needs to comply with the GDPR. Make sure you first identify the impact on your business; it may not be as difficult as it seems.

Although we will not be your total GDPR solution, if we can contribute to the measures you want to take to secure your data, do not hesitate to contact our Compliance and Security team to discuss the possibilities.

Blog by Jouke Albeda, Security & Compliance Manager