New rules for information protection in the EU

The EU's large-scale General Data Protection Rules significantly affect cloud companies not only in the EU but also abroad. From 2018, any organization that collects, uses or shares personal information about EU citizens must comply with the requirements of the legislation. Data protection techniques should be embedded by default in any computing infrastructure.

Protection of data flows

In a hyper-connected world, one that is always online, most people think about their data in the context of the "live" systems that hold their information; in fact, this is only the tip of the iceberg. Data is actually copied again and again – for development, testing, quality assurance, training, financial reporting, business intelligence and more. In addition, data is often used by third parties, contractors and consultants in other places or countries, who often need only a user name and password for secure access.

However, the General Data Protection Rules are designed to change the situation. When building software, developers will have to take care of security just as any DBA does, a concept that is likely foreign to them. Although the majority of European organizations have already provided some level of data protection and ownership, the new Rules will also focus on improving the level of education, training and use of tools necessary to prove compliance with the legislation.

The carrot-and-stick method

The new Rules warn that any personal information should be pseudonymized so that it cannot be traced back to the person; in effect, this is a "carrot and stick" approach. The "carrot" is the recommendation to pseudonymize specific data, with a reduction of certain obligations for those businesses that adhere to this approach. The "stick" is the threat of fines for businesses that don't comply with the Rules. For many businesses this will mean that they have to completely rework the architecture of their data input and output.

This will require investments in new technologies, for example data masking, which helps to pseudonymize data once and ensure that all subsequent copies follow the same masking policy. However, in the event of a breach, the costs of these investments would likely be disproportionate to the amounts of potential fines, which will amount to 4% of the company's turnover.

Conclusion

Given the ever-increasing need for data protection, it is becoming more important that clients see a responsible attitude toward security from their cloud service provider. This means establishing a data-protection strategy that covers the entire organization and reduces the risks to any persons who may be the victim of a data breach.