Digital data was only just beginning to be a big deal when the European commission (EC) produced its first Data Protection Directive in 1995. Two decades later, the zettabyte era is almost here and stored data volumes are growing four times faster than the global economy. In the face of such rapid development, the EC’s decision to create a General Data Protection Regulation (GDPR) is not a revolution or a surprise, but a necessary upgrade. And despite Brexit, it will bring changes for us all.
Although the referendum has shaken the world, the business of data processing continues as usual. When the GDPR comes into force in 2018, it will still apply to UK companies dealing with the European Union (EU) – and if the UK wants to trade with the single market, it will be vital for data protection standards to equal the GDPR. What’s more, even after Article 50 is invoked, there are likely to be several years of negotiations before the UK officially withdraws as a member state.
So, in anticipation of the impending GDPR shift, many businesses have begun to make preparations – starting with the most fundamental element of data management: where they store the swelling masses of consumer information. To ensure insight is accessible and compliant, global businesses are increasingly opening data centres in the European mainland and it seems the data localisation trend is sweeping the industry.
But what are the benefits of data migration and is it the best way to meet GDPR requirements?
Increasing locality and convenience
The concept of data localisation is to store user information in an online data centre that is physically situated in the region where the applicable regulations for its management are in force. In other words, the user data that companies gather is processed and kept safe in the area (or continent) it originated from, making adhering to local regulations easier.
One of the key reforms of the GDPR is a single, pan-European law for data protection, as opposed to the current patchwork of national laws, which also applies to non-member countries that offer goods and services within the EU market. Consequently, the measures are now globally applicable – as most businesses operate in Europe to some extent – and that means creating a data centre within the European Union (EU) is likely to be a priority for global businesses.
Getting a better grip on privacy
While data privacy has always been a key consideration for companies, the new EU laws raise the stakes and clarify previously ambiguous definitions. For example, the question of whether IP addresses were personal data has long been disputed. It was, in fact, a ‘decision pending’ issue before the European Court of Justice for some time before they were confirmed as personal data by the GDPR.
For all digital professionals – especially those conducting location-based advertising campaigns – IP data is vital. Not only used for effective and engaging targeting, it is also integral to fraud detection and data security. It is important to note that IP addresses are a fundamental element of the system that allows the internet to function and the majority of IP usage is not related to identifying individuals.
Now companies need to adapt the way they process personal data to ensure they do not overstep GDPR boundaries. While placing data within the EU will enhance their ability to do so, it should not be regarded as the solution to aligning with the GDPR.
Keeping pace with market needs
A chief reason behind Sizmek’s decision to open a data centre in Germany was to meet the needs of heavily regulated clients — such as those working in the financial sector – who are concerned about processing the data of EU citizens in countries outside the union. While these concerns existed before the GDPR, the new laws enhanced the importance of this – and for Sizmek confirmed the value of our new centre.
Now that the countdown to GDPR implementation has begun, the value of establishing a European data centre is even more profound and in months to come it is likely that more businesses will respond to increasing concerns from their clients.
Considering the full data picture
It’s a challenging time for any business dealing with disparate privacy requirements around the world; the internet is global, but regulation is local.
The US, for example, has very robust privacy laws, which in specific sectors like healthcare and finance, often exceed those of the EU. This is why data localisation is such a hot trend, as it increases companies’ capabilities to comply with local standards. Data localisation, however, also creates challenges by increasing cost and complexity for global businesses, and successful localisation takes more than just a move.
To achieve full local compliance, businesses must consider how they move, manipulate, and process all data. Not just information stored within the data centre itself but any global data used throughout the business online and offline.
With the new GDPR due to be in force by 2018, big data is becoming an even bigger issue for worldwide businesses and many feel that localising their data processing capabilities will significantly enhance their capability to abide by the new EC laws.
Yet while data localisation will give businesses a better chance of fully meeting regulations, a local data centre is not a panacea for meeting the GDPR. As they consider joining the great data migration, businesses must remember that full compliance can only be achieved by adjusting every aspect of data usage to the new requirements, not just where there data is stored.
Andrew Bloom is senior vice president of international sales and business development at Sizmek