Silver Spring, MD (PRWEB) July 31, 2014
The forthcoming European General Data Protection Regulation (GDPR) offers a single law for organizations to follow, but increases fines to up to 100 million Euros for organizations found guilty of a ‘negligent breach’ of privacy or loss of data.
However, according to AIIM, the new legislation is a major opportunity for cloud providers, with major changes to how customer data regarding EU citizens is stored and how organizations must respond if a data breach occurs.
AIIM is the leading global organization for the information management profession and its new whitepaper, “Making sense of European Data Protection Regulations as they relate to the storage and management of content in the Cloud”, explains the implications for both organizations and cloud providers, and also summarizes current legislation in 11 of the 28 EU countries.
The law is the first significant change to European data privacy legislation since 1995, providing a single law for data protection to cover the whole of the EU, replacing the previous directive that has been implemented differently in each member state. The new legislation is likely to be passed before the end of 2014, and organizations will be given two years to reach compliance (early 2017). In the meantime, national laws for data privacy (as outlined in the appendices to the AIIM report) need to be complied with as a minimum.
“This is a landmark piece of regulation regarding data protection and data privacy, with major implications for cloud storage,” said AIIM spokesperson and the paper’s author, Mike Davis. “It applies to personal data on EU citizens wherever that data is stored across the world. Failure to comply will have serious legal and financial repercussions for an organization. But it will also enable those organizations to make risk-based decisions about cloud versus on-premise content storage, allowing them to evaluate providers of cloud services to ensure that they will stay compliant with applicable law.”
The GDPR also extends the definition of personal data to include email address(es), the IP address of computer(s) used, and any posts on social media sites. It covers all organizations collecting and processing data of EU citizens and calls upon those organizations to:
- Collect explicit consent to collect data from data subjects (the data subjects must ‘opt-in’) and facilitate the subject’s wish to withdraw that consent.
- Be able to delete all customer data at the request of the data subject, a provision known as “Right to Erasure”, unless there is a legitimate reason for its retention.
The data controller and data processor (the cloud provider) will have joint liability for any breach of the regulation, and if it is ruled that a ‘negligent breach’ of privacy or loss of data has occurred, the offending organization can be fined up to five percent of annual revenues to a maximum of 100 million Euros.
“The new regulation poses serious challenges to organizations using cloud providers for storage of personal data, which means those organizations will be focusing their attention much more on providers that are compliant with the new legislation,” continued Davis. “This could be an important differentiator and major opportunity for cloud providers, both in Europe and the US, to align their cloud security with the new regulation.”
The AIIM white paper, “Making sense of European Data Protection Regulations as they relate to the storage and management of content in the Cloud”, is available here. The report was underwritten by Hyland - Creator of OnBase, OpenText and Workshare.
AIIM has been an advocate and supporter of information professionals for 70 years. The association’s mission is to ensure that information professionals understand the current and future challenges of managing information assets in an era of social, mobile, cloud and big data. Founded in 1943, AIIM builds on a strong heritage of research and member service. Today, AIIM is a global, non-profit organization that provides independent research, education and certification programs to information professionals. AIIM represents the entire information management community, with programs and content for practitioners, technology suppliers, integrators and consultants.