GDPR and data lock-in: moving towards a more secure and transparent European Cloud market

The General Data Protection Regulation (GDPR) will officially come into force on May 25, 2018 for all countries in the European Union. This regulation focuses on individuals and acknowledges their right to data portability, data access and transparency in relation to the processing of their information.

This represents not only the most significant step in the development of EU legislation since the introduction of the European Union Data Protection Directive, but also a shift of consciousness, thanks to which “data protection” will now be about defending individuals and their identity.

The GDPR has been designed to standardize guidelines on a European level, laying down clear, specific rules about how to store and look after data, and it even stipulates the creation of a new corporate position, the Data Protection Officer, to manage these tasks specifically. Alongside this, various associations and organizations of service providers have been trying to anticipate the regulation in terms of data protection and security.

The CISPE, of which Aruba is a founding member, was one of the first associations to do so. Set up in 2016, it now includes more than 20 of the largest Cloud infrastructure providers operating in 15 European countries. The CISPE drew up a Code of Conduct (CoC) before the GDPR was due to come into force, fitting in with its requirements and sharing the same main goal: to return control of their own personal data to citizens, establish where this data is stored, and simplify the legislative context for international commerce by unifying the regulations within the EU. According to the CISPE Code of Conduct, Cloud infrastructure providers cannot carry out data mining or trace customer data profiles for the purposes of marketing, advertising or similar activities, or for sale to third parties.

In the case of the CISPE, Cloud services declared to be compliant with the CISPE Code of Conduct are identified by a specific compliance mark – ‘CISPE service-declared’ – offering customers of the services bearing this mark the peace of mind of knowing that the data hosted by their infrastructures is based at data centers within the European Union, and that they already comply with specific requirements in terms of data protection and security. There is therefore no need to wait until May 25, 2018 to start protecting ourselves. It is vital that we are prepared and do not just sit still waiting for that fateful date: this deadline must be seen as an opportunity to improve security and corporate growth by creating new jobs and, ultimately, to reap the rewards of a digital market comparable to that of the United States or China.

Another international issue, which is important to assess when you start to use a cloud service, is “data lock-in”, that is, the problem that can arise when you decide to move your data from one Cloud provider to another. The OCF, or Open Cloud Foundation, is an association of technology companies set up in order to create a framework that ensures the Cloud’s openness, bringing together technology and service providers, Cloud providers, business clients, research companies and ‘regulatory’ bodies around this same goal. The idea is to maintain and guarantee freedom of choice for corporate customers when they are designing their business, and to avoid the danger of lock-in that can be imposed by less transparent providers.

In this booming Cloud market, each technological level of ICT solutions is frequently offered as a service. This means that corporate customers can rely on many more outsourcing and value-added services provided via the Cloud. It will therefore become essential, on the one hand, to avoid the rise of new silo systems, and, on the other, to make sure that the most prominent Cloud operators do not impose “standards” on the market that would inevitably be rather closed, thus limiting the dynamism of the market.

To ensure stable growth for any business, both now and even more so in the future, it will be important to protect the concept of the open cloud: letting customers change suppliers easily and facilitating their access to heterogeneous Cloud Stacks will uphold healthy competition and force operators to develop and offer innovative solutions.

Thanks to initiatives like the CISPE and the OCF, it is already possible to identify providers who are putting plans in place in anticipation of the change in legislation, with a series of moves that will guarantee a system that is more focused on the security and transparency of Cloud services.

To find out more: http://aru.ba/cloudgdpreu

Guest Post By Stefano Sordi, Aruba’s Chief Marketing Officer