Connect with us




Keith O’Leary, Principle Consultant, Sungard Availability Services

Soon to be enacted across the European Union, the General Data Protection Regulation – better known as GDPR – has caused no end of concern among CIOs.

Although it represents good news for consumers, from a business perspective, things aren’t quite so simple. While the regulation will be helpful in making it easier and more cost effective for cloud providers to offer pan-EU solutions, as well as making customers feel safer in entrusting valuable data to third-parties, GDPR is likely to have serious implications for Europe’s approach to disaster recovery (DR) and business continuity (BC).

For a start, there is a significant difference between the current DR directives and the rules set out by GDPR. Its introduction will necessitate a hefty cultural shift, not only in the management of technology but in the way people operate and the processes put in place.

The regulation will impact any business, whether based in the EU or not, that holds the personal data of EU citizens. Moreover, the definition of ‘personal data’ is broad and could change as consumers continue to expand their online presence. Ultimately, it means that not only must organisations intensify their data protection efforts, they must do so for a large volume of data. In turn, organisations will need to extend their BC/DR efforts to cover this greater remit.

And, as the pressure rises, so too do the stakes. GDPR is driven by two serious threats: reputational damage and monetary fines. Although you could argue that the former has always existed – with plenty of organisations having endured serious backlash from consumers following a data breach – the idea of financial penalties is new. Organisations who fail to properly protect customer data can be fined up to a maximum of €20m or four per cent of their total worldwide annual turnover, whichever is higher.  A high price to pay for ennui or delay!

To manage these changes, it will be mandatory for businesses of over 250 employees to appoint a Data Protection Officer (DPO). From training staff on how to handle customer data through to keeping track of all data within the organisation, the DPO role will need to take a granular approach to the backup and archiving of critical data. Furthermore, to comply with GDPR rules such as ‘the right to be forgotten’, DPOs will be expected to know, with pinpoint accuracy, where any set of customer data is at any given time; an exceptionally difficult task when you consider that a lot of customer data doesn’t even make it onto the organisation’s central server.

As a DPO, it would be your job to root out this data, ensure it is adequately protected, suitably encrypted, and included in all BC/DR initiatives.

With less than 19 months before the rule is enforced, the clock is well and truly ticking. With today’s complex IT environments and cloud deployments, BC/DR processes are already challenging and the GDPR ruling means that complexity will only become more acute and the need to test all processes well in advance is a must. Organisations need to be certain that in the event of an issue, they will be able to remain complaint with the regulation – even when operating with diminished resources. Having everything in place is likely to require multiple invocation tests as well as serious investment – in time and planning not just funds. All in all, preparation is likely to take over a year – meaning there is little room for error when it comes to laying the groundwork for GDPR compliance.

Attaining GDPR will not be easy.  It will not be quick. However, with the risk of such severe financial, operational – and likely reputational – penalties, it is an issue to which organisations must begin to direct their full attention. Today!

Editorial & Advertiser disclosure
Our website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.
Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate


Newsletters with Secrets & Analysis. Subscribe Now