Story image

GDPR may help colocation companies sort through data sovereignty regulations

14 May 2018

Data sovereignty is becoming increasingly important to colocation providers. The location where data physically resides is of concern to their customers as they seek to comply with a series of often conflicting laws around the globe.

The General Data Protection Regulation (GDPR) is scheduled to take effect in May 2018 and is designed to “harmonise data privacy laws across Europe,” according to the GDPR web site. Unlike the law it replaces (the 1995 Data Protection Directive), the GDPR will have a “long arm,” according to Mark Bailey, a partner with the UK law firm Charles Russell Speechlys, who presented on the topic of data sovereignty at the recent International Colocation Club 2016 event in Paris.

That “long arm” essentially means the law applies to any company that deals with private data on EU citizens, even if that company is located outside of the EU. And the law comes with some stiff penalties for those who fail to comply. It carries fines of up to €20 million or 4% of annual revenue for the most egregious offences, whichever is larger. Such hefty fines make the GDPR the kind of law colo providers should definitely familiarise themselves with.

To the extent that the GDPR does indeed harmonise data privacy laws in the EU, it can be seen as a positive step when it comes to the question of where colos should build data centres. “As much as you’ve got data laws driving location specifically, it’s very often the conflict of laws or political decisions that drive these decisions,” Bailey said. “Uncertainly is perhaps one of the greatest issues we’ve got here rather than certainty and law.”

Currently, every single country in the UK and Europe has its own data protection laws and authorities, creating confusion for any company trying to comply with them all. The GDPR will essentially normalise laws across the EU, bringing certainty in terms of what the law is – which is a good thing.

With its “long arm,” the GDPR could also be seen as setting standards for U.S.-based companies. That’s significant because 90% of European personal data is processed by U.S. service providers, Bailey said. But currently the U.S. does not have an approved transfer mechanism for moving private data out of the EU.

“The U.S. has never been deemed adequate,” he said, calling the situation “a giant political football.” In fact, only a handful of countries – including Canada, Argentina and New Zealand – have managed to pass with EU regulators.

The situation could be remedied based on the extent that U.S.-based companies adhere to the GDPR.

The UK, of course, has its own issues to deal with as the result of Brexit. Will the UK comply with the GDPR or chart its own course?

Given the timing, the odds are the UK will comply with the GDPR, Bailey said.  He noted it’s unlikely the UK will be able to separate itself from the EU before the GDPR takes effect in May 2018.

If all of this sounds a bit confusing, that’s because it is. But for colocation providers, the news is still positive. Bailey quoted various experts who all expect sound growth over the next several years. He noted that the growth in servers across Europe is set to triple in the next 3 to 5 years, which translates to millions of servers.

Article by Schneider Electric cloud and service provider president Mark Bidinger

Server Technology beats out competition at DCS Awards
Server Technology has taken out the top spot for the Data Centre PDU Innovation of the Year at the DCS Awards.
LogRhythm releases cloud-based SIEM solution
LogRhythm Cloud provides the same feature set and user experience as its on-prem experience.
IGEL & ControlUp bring analytics to endpoints everywhere
The strategic partnership allows IGEL to integrate with ControlUp’s real-time monitoring and analytics capabilities via the IGEL Universal Management Suite (UMS).
Nutanix evolves multicloud offerings
Nutanix has expanded its multicloud solutions portfolio to further evolve its offerings across public and private cloud.
Bluzelle launches data delivery network to futureproof the edge
“Currently applications are limited to data caching technologies that require complex configuration and management of 10+ year old technology constrained to a few data centers."
Exploring the different needs for cloud services across Europe
Although digital transformation is happening across Europe, each country continues to have its own IT needs and the different cloud markets highlight this.
Trend Micro introduces cloud and container workload security offering
Container security capabilities added to Trend Micro Deep Security have elevated protection across the DevOps lifecycle and runtime stack.
Veeam joins the ranks of $1bil-revenue software companies
It’s also marked a milestone of 350,000 customers and outlined how it will begin the next stage of its growth.