Data privacy is king.
That’s the key message of the EU’s recent decision to strike down the Safe Harbor agreement with the United States. Under Safe Harbor (an arrangement between the European Commission and the U.S. government), any U.S. entity certified as complying with its principles is permitted to process personal data transferred from Europe to the U.S.
In 2015, the EU’s decision declared the U.S. Safe Harbor Scheme to be invalid, creating major implications for multinational organizations that transfer personal information as part of their business.
As a result of this decision, it’s become crystal clear that the EU Data Protection Directive – which offers specific rules for the transfer of personal data outside of the Eurozone – trumps long-standing agreements with some of the largest U.S.-based technology giants (think: Facebook, Google and Twitter).
As the U.S. pushes for legislation to reestablish an international privacy agreement, which some are dubbing ‘Safe Harbor 2.0,’ businesses must streamline operations in the meantime to ensure their customers’ data is protected. Many companies may be left wondering, “What now?” And for good reason! Organizations must begin to implement alternate means of transferring European personal data to the United States and managing it.
Consider the following strategies to ensure seamless data management:
Organizations can no longer rely on a central data center
Organizations will need to consider policies for data replication and access. Policies will be specific to each geography, each with a very precise set of rules for how data is curated. This has wide-ranging implications for cloud and Platform as a Service (PaaS) providers who are already building out region-specific data centers. The replication backbone must ensure that data is selectively replicated and is compliant with country-specific legislation.
Eliminating downtime and data loss is critical for any application with stringent service-level agreements and regulatory compliance mandates associated with it. The negative impact of downtime and data loss is orders of magnitude greater due to the increased risk of missed opportunity. What’s required is continuous data availability and performance across multiple locations, so that when a cluster or entire data center goes offline due to scheduled maintenance or to hardware and network failures, users still have full access to their data at other locations, with automated recovery features that eliminate the risk of human error.
Plan for Disaster
When companies don’t prepare for disruptions and disastrous events, they put their businesses in jeopardy – making a proactive disaster recovery and business continuity strategy not only a good idea, but essential to businesses. You don’t want to be uncertain about where you stand when disaster hits.
Though encryption has been gaining in popularity over the past few years, the Safe Harbor decision may encourage organizations to adopt crypto technology at much higher rates. By utilizing encryption and other data security strategies, organizations can continue to transfer anonymized data while also meeting strict privacy regulations mandated by the EU.
More than anything, the Safe Harbor decision has reinforced the ever-increasing need for data protection. The impact of the decision is wide-reaching and will affect nearly every global organization. With this in mind, U.S. data professionals and CIOs must be mindful that the personal data stored and transferred by their organization is not only protected, but also managed effectively.
Looking toward the future, organizations must brace themselves for even more changes to current legislation. With changes in the pipeline for the EU Data Protection Directive, as well as the proposed “Safe Harbor 2.0” agreement, it is imperative that executives stay informed of the latest data privacy developments. In 2016, U.S. companies should expect further legislation as more governments take steps to protect the data of their people and businesses. Cloud providers in particular must evolve their data replication and digital curation practices to meet these stringent requirements.
If you have questions, concerns or other opinions, feel free to tweet me @DavidRichards.
(About the author: David Richards is CEO at WANdisco)