The conversation around data privacy has a longer history than you may think: the “right to privacy” was formalized as an international human right in 1948, and the national data protection laws that followed decades later – notably in Sweden in 1973 – were mandated by increasing public concern about how personal information was processed and stored. Coming to a head in 2018 with the enactment of the General Data Protection Regulation (GDPR), data privacy has slowly but surely crept from small conversations amongst corporate lawyers and IT teams to having a seat at the table with the C-suite.
These regulations have proven to be extremely specific and enforceable. Watchdogs have been swift to act and hand down record-breaking fines. To date, European companies have received $126 million in fines, setting a precedent for eventual regulations in the United States. These regulations are a reminder to all organizations that if they’re handling personal data, there are severe penalties for getting it wrong. And one of the top suspects for potential disaster? The data center.
Why the data center?
From a security perspective, attacks and breaches can come from anywhere, but one of the most tempting targets is physical infrastructure. Research from IBM shows the data center accounts for between 9% and 18% of total data breaches, costing more than $400 billion annually. Given the emphasis on privacy regulations, senior leadership must start thinking harder about how they’re using and protecting their physical infrastructure to support their operations. De-risking the data center can be achieved by addressing two core areas: an investment in cloud data management and an investment in your people.
Phase One: Invest in cloud data management
Many technology organizations invest in the cloud as a way to store, manage and protect their data in a physical location, while also receiving some benefits of boosting their business intelligence. The cloud is fast becoming the most important tool in the arsenal of digital business, with research from Enterprise Strategy Group finding 51% of organizations use the cloud to run business intelligence queries. The cloud is the key to an organization’s path to innovation, and thus should be protected at all costs.
This is where a cloud data management strategy, coupled with on-prem storage, provides the best of both worlds in data storage and data protection. It brings together data backup, replication and disaster recovery across the entire IT estate of an organization, ensuring data is available, recoverable and protected at all times.
Phase Two: Invest in your people
GDPR is as much about protecting people’s data as it is about imploring organizations to hire the right talent to uphold those protections. Nowhere is this clearer than in Article 37 of the GDPR, which states that any company monitoring and processing personal data on a large scale must appoint a Data Protection Officer (DPO). The DPO has become a critical role and plays a key part in ensuring the protection and security of data centers through cloud data management.
While not all organizations are required to appoint one, there’s significant value in encouraging organizations to appreciate and understand the basic principles of data privacy, which includes investing in people whose sole role is to ensure proper data privacy measures are being put in place in the data center. When GDPR was first enacted in 2018, as many as 28,000 applications for DPOs needed to be filled across Europe and the United States, and it remains a role in high demand – albeit one that comes with a sizeable skills gap that needs to be addressed. Tackling this skills gap will take time, but it can be done. Internal promotions and leads from within the walls of an organization are a great place to start. There have been some promising examples from law firms and consultants, for instance, who have started offering virtual DPO services to meet the shortfall.
Additionally, a close relationship with cloud storage providers and hosting partners can bring in promising leads on a DPO who is right for the needs of the organization. Those leaders who actively seek out these partnerships will be able to execute on top priorities such as securing their data centers by configuring data management systems and providing technical training for system administrators. They will also encourage good data management practices to be enacted up and down the organization.
As IT teams find themselves at the beginning of a new decade, many organizations are finding they are at an impasse in how well they’re approaching the security and protection of their data centers. With the reputational and financial stakes higher than ever before, data privacy is as much a business conversation as it is a technical one. Like any business problem, it requires a robust technical strategy to address it, and the right people leading the charge to enable the smart data privacy practices that consumers and regulators alike are demanding.