By Lee Wade, CEO, Exponential-e
Data, like gold, silver and diamonds before it has become a highly valuable commodity.
Unlike these minerals however, it does not centre in rich pockets in far-flung nations.
Today its rich veins run across every last inch of the world with an internet connection.
As with any precious commodity, it is not long before there must be some form of control, to manage it and protect those that rightfully own it. There have been attempts to date.
In the UK, the 1998 Data Protection Act has tried. But so fast has the rise and importance in data been, that it simply has not been able to keep up.
The General Data Protection Regulation (GDPR), set to come into force in May next year, aims to harmonise the rules in which EU citizen’s data can be accessed by organisations, anywhere in the world.
It brings with it the promise for a fundamental change – with lawmakers promising to be much stricter with businesses that disobey the rules.
The changes that will come into force as a result of GDPR are nothing short of monumental.
In today’s world, everything is digital. If an organisation is in operation, then these changes affect it, as it will always be in some form of control of customer’s personal data – from email and physical addresses to personal details such as medical and financial information.
It also doesn’t matter if that organisation is located in the EU or not.
If it has a presence on the internet, then it potentially has a worldwide customer base.
Unless it blocks traffic and transactions from the whole of the EU, then GDPR implicates and impacts both it and its customers, regardless of whether it operates out of Zimbabwe or Lithuania.
Such is the nature of modern data, it mostly travels over a network connection and will likely be stored in a data centre at some point in its life.
As such, just as cars travel on complex roads that are regulated by a sophisticated network of CCTV and traffic police, or aeroplanes fly across different international air spaces and must report into numerous air traffic controllers, data must be monitored and controlled in the same way.
Always be prepared… for anything
As GDPR approaches it’s highly important that network and cloud providers are fully aware of the duty of care they must provide to their customers and have a clear view of the data they transport and store.
This is due to the fact that ultimately, when it sits on their networks, they have responsibility to ensure that the data they are being paid to transport remains safe, secure and does not end up in the wrong hands.
In a world where cyber criminals are increasingly more sophisticated, networks are becoming a prime target – much in the same way the ships that transported gold on the high seas were sought out by pirates.
Security of data whilst in transit is now of more fundamental importance than ever before.
With GDPR implemented, there would have been far greater consequences for any business affected by the recent WannaCry attack as, ultimately, people’s personal data was put at risk.
Had this happened in 12 months’ time, the maximum fine companies would have faced would have been astronomical, bearing in mind that hundreds of thousands of people’s personal information was affected.
It was a warning shot to network providers to ensure state-of-the-art security programmes that have the ability to protect and encrypt the valuable data they transport is firmly in place by the time GDPR becomes standard practice.
Ultimately, it’s important that those companies that provide network and storage take their positions as data guardians seriously; they must be prepared for every situation that could potentially put the data in their care at risk of theft, damage or abuse and fall foul of GDPR regulations in the process.
Data controllers – as network providers are referred to in official GDPR terms – must view themselves as more than just transporters.
The need to provide insight, advice and clarity to the customers they serve will make them experts and consultants on what this brave, new and highly vital, GDPR led world entails.
GDPR is coming – if network operators want to continue to be involved in the now highly valuable data game, they must become custodians, consultants, controllers, advisers, as well as transporters.