The ruling on Tuesday of this week by the European Court of Justice that the US-EU Safe Harbor agreement is invalid will affect U.S. companies that rely on Safe Harbor as a compliance mechanism and it will affect every business or organization that transfers personal data protected under data protection laws, from the EU to the US. We asked Sheila FitzPatrick, NetApp’s worldwide data governance and chief privacy officer to put this into perspective.
What does this ruling mean for businesses?
This new ruling is a clear signal for businesses in the USA or Europe to make sure that they have both the right technological and legal foundations in place. They must identify and take every step necessary to comply with the specific data protection laws in the countries in which they operate. Considering data privacy as an afterthought is not an option for any business. It needs to be built into the go-to-market from the beginning. After this ruling, employees, customers and partners will look even more closely as to whether the company they partner with puts protection of personal data and respect for an individual’s fundamental right to privacy as high on its agenda as innovation around their core product or services, as well as their overall business practices.
Talk to us about data privacy and data management, what does the ruling signify?
The ruling also underlines that effective data privacy programs and data management practices are a must for all organizations that deal with personal data. Whether this data is stored on their premises or with an external cloud provider, organizations need to reassure their customers, partners and employees that all data is collected, processed, accessed, shared, stored, transferred and secured in accordance with applicable data privacy laws, and only used in a pre-agreed, legitimate and lawful way. Commercial success is largely defined by consumer trust, and data breaches or non-authorized access or use of personal data can virtually ruin any business from one minute to the other. However, if done well, data protection also creates a significant opportunity to differentiate business opportunity.
What does this ruling mean for technology providers?
Technology providers can now demonstrate they understand what businesses need, by ensuring compliance from a data collection, storage and processing standpoint and by preventing risk of legal action or customer mistrust. Technology providers should be the trusted advisors who not only supply hardware and software, but also understand that data privacy compliance is more than just providing security.
How does this ruling affect NetApp’s business?
Data Fabric is NetApp’s vision for the future of data management. It gives you the freedom to seamlessly manage your data across the hybrid cloud. You can move data where you need it most, innovate faster, and always make the best decisions for you and your organization.