The debut of the General Data Protection Regulation (GDPR) is not approaching quietly. Some are hailing its May 25 arrival, others are panicked by the shrinking timeframe to conform with its complex requirements, and there’s no shortage of advice (for a fee) about how to get through it all.
Clearly, the GDPR is not suffering from underexposure, but is it overhyped? The answer is most definitely “No.” But is it cause for widespread fear and loathing? The answer there is also a resounding “No.”
GDPR is a big deal, poses significant challenges to firms of all sizes, and the burden on the small to medium enterprise sector is arguably a concern. But in the longer term, it should bring some clarity and consistency in the area of personal data protection to companies operating across borders. Over recent years, many people have lost touch with what is going on with their personal data. The new law should also offer assurance to people worried about the use or abuse of their personal data, as GDPR is about putting a stake in the ground and laying out some ground rules around transparency to try to balance out that trend. Meeting GDPR’s demands is not easy, but at Equinix, we can help companies get to the other side of GDPR and stay compliant once there.
Putting data protection in its place
All the commotion over GDPR would be tough to take if it was all just sound and fury, signifying nothing, but its reforms are important. GDPR aims to bring order to an EU regulatory landscape marked by significant variations across its member states in both the substance and enforcement of its data protection and personal privacy laws. This new, unified regulatory framework will be backed by much stricter penalties for non-compliance, including fines for companies up to $20 million or 4% of their annual global revenues.
Penalties that size can’t be dismissed by any business. For the first time, all companies processing EU citizens’ data, including businesses operating outside of the EU, are being forced to assess their security protocols in relation to data sovereignty, and to look in detail at compliance across the full spectrum of their business. The question GDPR is really asking organizations is, “How are you controlling the data that’s been entrusted to you?” Ultimately, everyone from members of the public to legislators wants to know that the personal data leaving their laptop or phone is treated with the same respect as any other currency or commodity. GDPR elevates the protection of personal data to a place more fitting of its critical importance, though it undeniably presents companies with obstacles along the way.
For instance, it’s extremely difficult to track an individual’s personal data in the era of cloud computing and the Internet of Things, when data is constantly flowing from one global location to another in an instant. It means companies must have a handle on data protection measures throughout their digital supply chains, something that’s too costly and difficult for smaller businesses to consider. In the end, GDPR may act as a technology deterrent for these firms, and that could stifle innovation and growth. On the other hand, the likelihood that GDPR could be used against the largest and most prominent market participants – those who are often under the most regulatory scrutiny – is high, given that GDPR principles are for the most part stated in general terms, and it has been left for each business to ascertain what GDPR means for their business and how to approach their compliance efforts. No one really knows if they have got it exactly right.
Meeting the challenges of GDPR
So how can Equinix help companies of all sizes meet the challenges of GDPR compliance? First, with expertise. The reality is that GDPR and emerging privacy regulations globally affect every one of our customers, and our industry as whole. It’s true that we don’t have any access to, or control over, the personal data that is stored and processed by our customers on their applications and systems on the server equipment inside our data centers. But it’s also true that a large portion of the world’s personal data runs through Equinix data centers, and that makes us well-positioned to understand, interpret and navigate GDPR for our customers.
We’ve built on this unique position by setting up the Equinix Privacy Office, which I lead. This is a team of subject matter experts and legal advisors who ensure Equinix complies with GDPR and other data privacy laws, and we also address increasing numbers of customer requests during contract negotiations and period compliance checks for data privacy assurances. We ensure our own business is GDPR compliant for the personal data that we do handle, whether of our own employees, or those of customers or other third parties we deal with, and we also make sure vendors are upholding the best practice standards that GDPR demands. Furthermore, Equinix has partnerships with all the largest CSPs, including AWS, Microsoft Azure, Google and Oracle, and can advise on how to be engage with these partners across a data center deployment to best map to your IT strategy and fulfil any GDPR requirements. Not to strike an ominous tone, but May 25 is just the beginning of any company’s work to ensure GDPR compliance.
Equinix also has a variety of assets related to our global interconnection platform, Platform Equinix™, that make us well-suited to assist companies navigating GDPR. Keep in mind that compliance is rarely black and white, so enterprises must carefully understand the risks of implementing or foregoing various data protection measures. As companies consider their way forward, here are a couple things worth remembering about Equinix:
- Data proximity keeps customer data local and geographically close to users, which reduces the burden of GDPR compliance. Equinix has the largest data center footprint of any colocation provider, including 65 data centers in EMEA, so we can get you closer to more users in more places.
- Physical security and data security are inextricably linked. Equinix has Industry-leading physical security measures in world-class data centers, including a minimum of five layers of security to reach customer cages.
- We also offer customers additional layers of cybersecurity either through Equinix SmartKey™, which enhances data security by separating data and encryption keys in hybrid and multi-cloud environments, or through interconnection with leading security providers, such as F5 Networks for DDoS protection.
As May 25 approaches, there should be no doubt that the importance of GDPR justifies the hype, but also that Equinix will be there to play its role in our customer’s compliance, and to ease the burden of compliance. Data is the currency of the interconnection we specialize in, and so we feel we have an obligation to help our customers through this transition however we can. Through our Privacy Office, we’ll be there once GDPR is in place for whatever comes next.