10 Things Data Center Operators Can Do to Prepare for GDPR

Maria Korolov

August 3, 2017

European Commission headquarters in Brussels, Belgium, 2016. (Carl Court/Getty Images)

As we explained in an article earlier this week, the new European General Data Protection Regulation, which goes into effect next May, has wide-reaching implications for data center operators in and outside of Europe. We asked experts what steps they would recommend operators take to prepare. Here’s what they said:

Ojas Rege, chief marketing and strategy officer at MobileIron, a mobile and cloud security company based in Mountain View, California:

Every corporate data center holds an enormous amount of personal data about employees and customers. GDPR compliance will require that only the essential personal data is held and that it is effectively protected from breach and loss. Each company should consider a five-step process:

  • Do an end-to-end data mapping of the data stored in its data center to identify personal data.

  • Ensure that the way this personal data is used is consistent with GDPR guidelines.

  • Fortify its protections for that personal data since the penalties for GDPR compliance are so extensive.

  • Proactively establish a notification and forensics plan in the case of breach.

  • Extensively document its data flows, policies, protections, and remediation methods for potential GDPR review.

Neil Thacker, deputy CISO at Forcepoint, a cybersecurity company based in Austin, Texas:

Data centers preparing for GDPR must be in position to identify, protect, detect, respond, and recover in case of a data breach. Some of the key actions they should take include:

  • Perform a complete analysis of all data flows from the European Economic Area and establish in which non-EEA countries processing will be undertaken.

  • Review cloud service agreements for location of data storage and any data transfer mechanism, as relevant.

  • Implement cybersecurity practices and technologies that provide deep visibility into how critical data is processed across their infrastructure, whether on-premises, in the cloud, or in use by a remote workforce.

  • Monitor, manage, and control data — at rest, in use, and in motion.

  • Utilize behavioral analytics and machine learning to discover broken business processes and identify employees that elevate risk to critical data.

See also: What Europe’s New Data Protection Law Means for Data Center Operators


About the Author

Maria Korolov

Maria Korolov is an award-winning technology journalist who covers cybersecurity, AI, and extended reality. She also writes science fiction.

https://www.mariakorolov.com/
