On May 25, 2018, GDPR (the General Data Protection Regulation) went into effect in all EU countries, about 2 years after it was first voted into law on April 24, 2016.
This summer, GDPR compliance has been one of the most important considerations for cloud service providers. While it is designed to strengthen the portability and security of data for EU citizens, it also presents many challenges for companies that work in both the EU and elsewhere.
In this article, we will look at the basics of GDPR, what cloud service providers should do when providing services in Europe, and how Ormuco can help.
What Is GDPR?
The General Data Protection Regulation is a comprehensive EU regulation regarding data protection and privacy for EU citizens. Its primary goal is to give citizens more control over how their personal data is collected and used.
Most of GDPR relates to PII – Personally Identifiable Information – of EU citizens. All controllers of personal data must use proper organizational methods and technical precautions to protect the data of EU citizens.
For example, the regulation of “data protection by design and default” means that any company handling personal data must provide the highest possible safeguards for user data by default – such as anonymization, encryption, and advanced privacy settings.
GDPR also contains a number of regulations about how personal data can be collected and processed, and with whom this data is shared, both inside and outside of the EU. There are also regulations about data breaches – all businesses must disclose any data breach that affects user privacy within 72 hours.
For full details about the General Data Protection Regulation and how it affects businesses, check out this comprehensive guide.
What Cloud Service Providers Should Do When Building European Services
It is important to note that even non-EU companies are bound by the General Data Protection Regulation, should they wish to continue doing business with European countries. If your company handles data from even one European citizen, you must follow GDPR – or risk non-compliance fines.
Because of this, Cloud Service Providers must take special care to use platforms and tools that are GDPR-compliant when designing and implementing services for European countries. This is the best way to ensure that the principles of GDPR are not violated.
How to Deliver Compliant IT Services in Europe – Implementation Tips
If you’re interested in working in Europe, or need to ensure that you are compliant with the General Data Protection Regulation, we recommend taking a few basic steps and following these tips:
1. Hire a consultant – A GDPR consultant can ensure that you are not violating the guidelines, and provide input and advice on how you can modernize your business to make sure you meet all required guidelines and regulations.
2. Test your security – Data breaches will be penalized heavily in GDPR countries. You want to avoid breaches at all costs, and make sure that you are using advanced encryption and anonymization techniques to protect the PII of your users.
3. Find the right platforms – As mentioned, you should avoid using any programs or platforms that are not GDPR-compliant. This could expose you to serious liability, should a breach occur.
It’s also important to understand how the regulation differs for companies of different sizes. You can learn more about this subject by reading this article.
Case Studies – How Ormuco Partners in Europe Are Doing
At Ormuco, we are proud to offer a GDPR-ready cloud management and orchestration platform. We have several clients who are already using Ormuco Stack in Europe.
- Beeline Cloud, Russia – We have partnered with Beeline to offer cloud services in Russia through VEON. With its GDPR-compliant cloud platform entirely built on Ormuco Stack, Beeline is easily able to serve customers in Russia and all over Europe, without worrying about fines for data breaches, non-compliance, or any other such issues.
- ALSO Cloud, Finland – ALSO Cloud is a fully-managed cloud service launched in Finland in August, 2017, and it’s based on the Ormuco Stack. It is available through select Hewlett-Packard Enterprise (HPE) partners, and through the ALSO Cloud Marketplace, sponsored by HPE. Using Ormuco Stack, ALSO has developed a fully-featured, GDPR-compliant cloud environment that integrates hybrid cloud capabilities to mitigate the service gaps of other hyperscale cloud service providers. By using Ormuco Stack, ALSO Cloud has ensured GDPR compliance, and can provide customers all over Europe with top-tier cloud services.
Examples of GDPR Fines – And Potential Costs for Violating GDPR
GDPR is still in the early stages of compliance, so there are very few companies that have been fined for violating this data regulation. Most industry experts expect some leniency as companies continue working to bring themselves into compliance over the next few years.
However, the cost of violations is quite high. Companies like Facebook and Google could face fines of up to $9.3 billion, for example, because of privacy complaints by users that were issued within hours of GDPR taking effect this May.
The General Data Protection Regulation permits fines of up to 2-4% of annual global revenue, so companies that fail to abide by regulations could face incredibly steep penalties.
As another example, TalkTalk, a company which suffered a data breach in 2016, faced a fine of £500,000 due to security failings which resulted in the release of customer information. An analysis by a consulting firm found that this fine would be 79x higher under GDPR – the company could have been fined up to £59 million.
Partner with Ormuco – Use Our GDPR-Ready Cloud Platform In Europe
The best way to avoid GDPR fines if you’re a service provider in Europe is to build your cloud services on a powerful, secure platform such as the Ormuco Stack. Our GDPR-ready platform is already operating compliant cloud services in multiple European countries.
Curious to learn more about this regulation, and how Ormuco can help you avoid fines and penalties? Feel free to contact Ormuco now. We’d love to continue this discussion, and help you learn more about what you need to do to offer your services to Europe under the new GDPR regulations.