Chances are you have heard about GDPR quite a bit by now, but it’s worth having a brief look at what it is and what it entails. GDPR is a sweeping and comprehensive overhaul of data protection and privacy rules mandated by the European Union (EU) in the backdrop of the inexorable rise of the digital economy that had made the previous regime way too inadequate. After years of deliberations, it was ratified back in April 2016, with a two-year grace period, which is now about to end. It aims to give control over personal data back to the individual, and establish one single set of data protection rules across Europe. Now, let’s debunk the myth that GDPR is an EU-only issue. Given its extraterritorial nature, coupled with the global reach of the internet, GDPR will impact every business that collects or handles personal data of EU citizens, directly or indirectly, no matter where the business is located. It therefore has concrete ramifications outside the EU, thereby uplifting privacy standards globally.
We at Scality recognized early-on the challenge GDPR creates in the IT Industry in terms of data governance, and have been actively evangelizing and explaining GDPR for quite some time. Please refer to these past blog posts, stretching back to late 2017:
- “Fuhgettaboutit: the GDPR “Right to Erasure” (November, 2017)
- “The Equifax Breach: a Wake-Up Call for GDPR Preparedness” (October, 2017)
We have been committed to do our part to make the GDPR transition as smooth as possible for our customers and partners, so they have an easier time achieving GDPR compliance. To that end, we have released a new whitepaper covering relevant features Scality RING and Zenko bring to the table, including:
- Encryption, for data-at-rest as well as data-in-flight, mitigating the liability in case of potential data breaches, and lifting associated notification requirements (which are not only costly but a PR nightmare)
- Inherent data protection – no backup needed, which means no offline, old data to comb through for compliance purposes (say for a right-to-be-forgotten instance)
- Multi-geo deployment clearly raising the bar on data availability
- Metadata search capabilities across clouds, making it easy to pinpoint personally identifiable information (PII) that GDPR mandates to round up and report on
- Multi-cloud data management, helping on two fronts: (a) making it possible to seamlessly search across clouds, and (b) boosting data availability by yet another degree of magnitude.