Towards the end of last year I published several blogs on the topic of data privacy, Safe Harbor and EU data protection laws and so it seemed timely to provide a short update on the current situation and also to summarize some of the interesting discussions that took place at a recent NetApp organized c-level dinner that I was fortunate to be involved in.
Regarding Privacy Shield (replacement for the now defunct Safe Harbor legislation) basically, it seems that the media got a bit ahead of itself in giving the impression that Privacy Shield is a done deal. The reality is that until representatives from the EU member states review and approve it, and the College of Commissioners ratify it, only then will Privacy Shield become law and even then there are changes coming in the new GDPR law due to come into force in 2018 that could affect it.
There is also concern that the European Court of Justice could invalidate it if it is seen as a “cosmetic” change to Safe Harbor. Not wishing to sound too glib, but it really does seem to be a case of ‘watch this space’… However, in the interim it seems clear that organizations, if they haven’t started already will need to adopt a data management strategy such as NetApp’s vision for a Data Fabric to provide the levels of flexibility and agility required to adapt to any future changes.
Switching gears back to the c-level dinner, apart from enjoying good food and great company, the evening included a fascinating presentation from a global legal data protection attorney.
The underlying message that I took away from this presentation was the need for organizations to embrace the impending changes in the law, as opposed to running away from them which could lead to hefty fines being imposed and a loss of revenue due to the reputational damage. The other point that came across loud and clear is that whilst they are linked, data privacy is not the same thing as data security. Both are important, but who has access to data and whether companies should even have the data are different from whether the data is secure or not. This can become even more challenging when outsourcing data to third parties and so it’s essential to ask the right questions of your suppliers to make sure that both security and privacy requirements are fully addressed and that they conform to EU and local data protection legislation.
Overall, this was one of the most interesting and thought-provoking events that I have attended in a long while. Talking to some of the customers afterwards, that opinion seemed to be wholeheartedly reflected. The overall feeling was that it was such a pleasant change for a technology company to put on an event where serious business issues were discussed and opposed to just pushing products.
From the EMEA Product & Solutions Marketing team
Links to other associated blogs and videos:
Moving Data to the Cloud – Compliance, Sheila FitzPatrick, NetApp Worldwide Legal Data Governance Counsel, Worldwide Data Privacy Counsel: https://www.youtube.com/watch?v=y6HlSDs-w-Q
Data protection and the Data Fabric: http://community.netapp.com/t5/Pan-EMEA/How-Safe-Harbor-Resonates-with-Data-Fabric-Vision/ba-p/110991