GDPR may help colocation companies sort through data sovereignty regulations

14 May 18

Data sovereignty is becoming increasingly important to colocation providers. The location where data physically resides is of concern to their customers as they seek to comply with a series of often conflicting laws around the globe.

The General Data Protection Regulation (GDPR) is scheduled to take effect in May 2018 and is designed to “harmonise data privacy laws across Europe,” according to the GDPR web site. Unlike the law it replaces (the 1995 Data Protection Directive), the GDPR will have a “long arm,” according to Mark Bailey, a partner with the UK law firm Charles Russell Speechlys, who presented on the topic of data sovereignty at the recent International Colocation Club 2016 event in Paris.

That “long arm” essentially means the law applies to any company that deals with private data on EU citizens, even if that company is located outside of the EU. And the law comes with some stiff penalties for those who fail to comply. It carries fines of up to €20 million or 4% of annual revenue, whichever is larger, for the most egregious offences. Such hefty fines make the GDPR the kind of law colo providers should definitely familiarise themselves with.

To the extent that the GDPR does indeed harmonise data privacy laws in the EU, it can be seen as a positive step when it comes to the question of where colos should build data centres. “As much as you’ve got data laws driving location specifically, it’s very often the conflict of laws or political decisions that drive these decisions,” Bailey said. “Uncertainty is perhaps one of the greatest issues we’ve got here rather than certainty and law.”

Currently, every single country in the UK and Europe has its own data protection laws and authorities, creating confusion for any company trying to comply with them all. The GDPR will essentially normalise laws across the EU, bringing certainty in terms of what the law is – which is a good thing.

With its “long arm,” the GDPR could also be seen as setting standards for U.S.-based companies. That’s significant because 90% of European personal data is processed by U.S. service providers, Bailey said. But currently the U.S. does not have an approved transfer mechanism for moving private data out of the EU.

“The U.S. has never been deemed adequate,” he said, calling the situation “a giant political football.” In fact, only a handful of countries – including Canada, Argentina and New Zealand – have managed to pass with EU regulators.

The situation could be remedied, depending on the extent to which U.S.-based companies adhere to the GDPR.

The UK, of course, has its own issues to deal with as the result of Brexit. Will the UK comply with the GDPR or chart its own course?

Given the timing, the odds are the UK will comply with the GDPR, Bailey said. He noted it’s unlikely the UK will be able to separate itself from the EU before the GDPR takes effect in May 2018.

If all of this sounds a bit confusing, that’s because it is. But for colocation providers, the news is still positive. Bailey quoted various experts who all expect sound growth over the next several years. He noted that the growth in servers across Europe is set to triple in the next 3 to 5 years, which translates to millions of servers.

Article by Schneider Electric cloud and service provider president Mark Bidinger
