Story image

GDPR may help colocation companies sort through data sovereignty regulations

14 May 2018

Data sovereignty is becoming increasingly important to colocation providers. The location where data physically resides is of concern to their customers as they seek to comply with a series of often conflicting laws around the globe.

The General Data Protection Regulation (GDPR) is scheduled to take effect in May 2018 and is designed to “harmonise data privacy laws across Europe,” according to the GDPR web site. Unlike the law it replaces (the 1995 Data Protection Directive), the GDPR will have a “long arm,” according to Mark Bailey, a partner with the UK law firm Charles Russell Speechlys, who presented on the topic of data sovereignty at the recent International Colocation Club 2016 event in Paris.

That “long arm” essentially means the law applies to any company that deals with private data on EU citizens, even if that company is located outside of the EU. And the law comes with some stiff penalties for those who fail to comply. It carries fines of up to €20 million or 4% of annual revenue for the most egregious offences, whichever is larger. Such hefty fines make the GDPR the kind of law colo providers should definitely familiarise themselves with.

To the extent that the GDPR does indeed harmonise data privacy laws in the EU, it can be seen as a positive step when it comes to the question of where colos should build data centres. “As much as you’ve got data laws driving location specifically, it’s very often the conflict of laws or political decisions that drive these decisions,” Bailey said. “Uncertainly is perhaps one of the greatest issues we’ve got here rather than certainty and law.”

Currently, every single country in the UK and Europe has its own data protection laws and authorities, creating confusion for any company trying to comply with them all. The GDPR will essentially normalise laws across the EU, bringing certainty in terms of what the law is – which is a good thing.

With its “long arm,” the GDPR could also be seen as setting standards for U.S.-based companies. That’s significant because 90% of European personal data is processed by U.S. service providers, Bailey said. But currently the U.S. does not have an approved transfer mechanism for moving private data out of the EU.

“The U.S. has never been deemed adequate,” he said, calling the situation “a giant political football.” In fact, only a handful of countries – including Canada, Argentina and New Zealand – have managed to pass with EU regulators.

The situation could be remedied based on the extent that U.S.-based companies adhere to the GDPR.

The UK, of course, has its own issues to deal with as the result of Brexit. Will the UK comply with the GDPR or chart its own course?

Given the timing, the odds are the UK will comply with the GDPR, Bailey said.  He noted it’s unlikely the UK will be able to separate itself from the EU before the GDPR takes effect in May 2018.

If all of this sounds a bit confusing, that’s because it is. But for colocation providers, the news is still positive. Bailey quoted various experts who all expect sound growth over the next several years. He noted that the growth in servers across Europe is set to triple in the next 3 to 5 years, which translates to millions of servers.

Article by Schneider Electric cloud and service provider president Mark Bidinger

61% of CIOs believe employees leak data maliciously
Egress conducted a survey to examine the root causes of employee-driven data breaches, their frequency, and impact.
Opinion: Modular data centers mitigate colocation construction risks
Schneider's Matthew Tavares believes modular data centers are key for colocation providers seeking a competitive advantage with rapid deployment.
VMware announces new features in VMware Cloud, Dell EMC integrations
VMware announced VMware Cloud Foundation 3.7 is expected to be available on Dell EMC VxRail in VMware’s Q1FY20.
Datacenter.com joins European Data Centre Association
The company announced today it has joined other heavyweights in the European Data Centre Association (EUDCA).
Opinion: Meeting the edge computing challenge
Scale Computing's Alan Conboy discusses the importance of edge computing and the imminent challenges that lie ahead.
Protecting data centres from fire – your options
Chubb's Pierre Thorne discusses the countless potential implications of a data centre outage, and how to avoid them.
Opinion: How SD-WAN changes the game for 5G networks
5G/SD-WAN mobile edge computing and network slicing will enable and drive innovative NFV services, according to Kelly Ahuja, CEO, Versa Networks
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”