There cannot be many business people who do not know that when the GDPR comes into force in May 2018 it will impact on the way we gather and store information, but did you also know it will influence the way data centre facilities are managed?
Since data centre operators have ownership of the physical environment where information is stored, we could see them become a top target for the GDPR regulator. You need to act now to make sure your data centre partner will be compliant, particularly if your organisation runs on a private, public or hybrid cloud infrastructure.
A large proportion of IT managers are still reluctant to move to public cloud due to confusion over the location of their data, and with GDPR almost upon us, this concern is growing. Microsoft’s new Azure Stack hybrid cloud solution overcomes the problem by providing a consistent experience between public and private cloud, and delivering a truly secure hybrid infrastructure.
Essentially Azure Stack delivers all the power of Microsoft’s cloud offering, but instead of being housed in a Microsoft data centre which could be anywhere in the world, it is delivered from the data centre of a local, expert partner such as ITPS.
We are the first Microsoft partner in the world to implement the Azure Stack infrastructure in our data centre, giving you the confidence that your data is in the right place, and properly managed.
So what will data centre owners and managers need to do by May 2018? Very broadly speaking, they should be able to demonstrate robust management processes in identifying their data, specifically personally identifiable information, and then having polices and processes in place for the right to forget, the right to alter, and data security. They also need to show that in the event of any kind of interruption, from a power outage to a natural disaster, they have the ability to quickly and smoothly restore data.
Basically they are pledging that they have granular level control of where data is held, how it is held, and how it is accessed.
Being able to account for every piece of information is no small task when you take into account high availability, backup and disaster recovery strategies, and the right for customers to have their data permanently deleted. Operators need to show they know what devices they hold, where they are located, and what information those devices can access. They also need to demonstrate the level of control they have over them.
As an ISO27001 compliant company, we already have the policy, process and documentation, and working practices in place that are required for GDPR compliance, so we are ready long before the new regulations take effect.
Our security team have also been busy helping clients to secure Cyber Essentials certification, as the first step towards taking control of protecting their business.
No one wants to be facing a potential fine of 20 million Euros or four percent of annual global revenues. If you want to secure and protect your business and meet new data protection regulations, we are the right people to talk to.
Get in touch to talk to one of our experts, or book your place at one of our round table events taking place over the next few months.