Lately, we have all been receiving emails from social networks, e-commerce websites, and other organizations that hold data about us. The content of each of these emails is practically the same: they tell us that the company is updating its terms and conditions regarding privacy, and they ask for our consent to keep processing our data. They are doing this because of GDPR.
The European General Data Protection Regulation is a complex set of rules about privacy and data protection for individuals in the EU, regardless of where the organization processing their data is based or where the data is stored. This means that it affects any organization working with people in the EU. It is enforced starting from 25 May 2018, and penalties are quite severe (up to 4% of worldwide annual turnover, or €20 million, whichever is higher).
I'm sure your organization has already taken the necessary steps to comply with this regulation, but in case you are not fully aware of the law and its consequences, I'd like to give you a list of interesting articles, podcasts, and videos I found that gave me a clearer idea of what GDPR is and why it is important for everybody.
The most important thing I learned about GDPR is that it is not primarily about technology; it is about processes and policies. It is a very complicated law: parts of it are extremely precise about the tasks an organization must follow, while other parts are still open to interpretation.
In addition, GDPR is not perfect. It mainly covers privacy and data protection in contexts such as social networks, while ignoring other aspects that could raise costs without providing the protection or privacy intended. I wouldn't be surprised if it was updated sooner rather than later…
I found the following podcasts and videos very interesting. I think they will help you get a grasp on what GDPR is and how it will affect us and our organizations without going too deep into aspects of the law that, frankly, are above my pay grade.
OpenIO and GDPR
OpenIO SDS and Grid for Apps (G4A) are infrastructure products, so their role when it comes to GDPR is limited. But since user data will eventually be saved somewhere, it's best to do it safely.
OpenIO SDS offers a number of features to ensure that data is safely stored in the system, providing:
- Data integrity checks to ensure that what is written is always retrievable as it was written,
- Data encryption to ensure that data stored in OpenIO SDS is not readable by unauthorized persons,
- Advanced data protection with erasure coding to survive multiple simultaneous disk or node failures,
- WORM (write once, read many) functionality to ensure that data cannot be altered after it has been written.
On top of this, Grid for Apps, our serverless framework, adds the ability to run specific code in reaction to storage events. This lets the system examine data as it arrives, search it for specific patterns, and raise an alarm if something is not compliant with the policies in place. For example, each file stored in SDS can be checked for credit card numbers or other sensitive information, and the proper action can then be taken: scramble or mask the information, delete or encrypt the file, or simply ask the organization's legal representative, such as the data protection officer, what to do.
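The following is an added example of the kind of check described above, written for this article and not taken from OpenIO or Grid for Apps. It assumes a hypothetical handler, `handle_object`, that the serverless framework would call with the name and content of a newly stored object (the event wiring to the real framework is not shown). The detector finds candidate card numbers with a regular expression and then applies the Luhn checksum, so that ordinary 16-digit identifiers such as order numbers are not flagged; the `policy` argument selects whether to mask, delete, or leave the object and alert the data protection officer. The sample inputs in the test and the `__main__` block are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Candidate PAN: 13 to 19 digits, optionally separated by single spaces or hyphens,
# not adjacent to other digits (so a 20-digit identifier is not split into a match).
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum (ISO/IEC 7812); filters out most numbers that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _strip_separators(s: str) -> str:
    return re.sub(r"[ -]", "", s)


def scan_text(text: str) -> List[str]:
    """Return the Luhn-valid card numbers found in text, as they appear in it."""
    return [m.group(0) for m in CARD_RE.finditer(text)
            if luhn_valid(_strip_separators(m.group(0)))]


def mask_pan(pan: str) -> str:
    """Replace all but the last four digits with '*', keeping separators in place."""
    total = sum(ch.isdigit() for ch in pan)
    seen = 0
    out = []
    for ch in pan:
        if ch.isdigit():
            seen += 1
            out.append(ch if seen > total - 4 else "*")
        else:
            out.append(ch)
    return "".join(out)


def redact_text(text: str) -> Tuple[str, int]:
    """Mask every Luhn-valid card number; returns (masked text, number of hits)."""
    hits = 0

    def repl(m: "re.Match") -> str:
        nonlocal hits
        if luhn_valid(_strip_separators(m.group(0))):
            hits += 1
            return mask_pan(m.group(0))
        return m.group(0)

    return CARD_RE.sub(repl, text), hits


@dataclass
class ScanResult:
    object_name: str
    findings: int
    action: str              # "keep", "mask", "delete" or "notify"
    content: bytes           # content to write back (unchanged for keep/notify)
    alarms: List[str] = field(default_factory=list)


def handle_object(name: str, data: bytes, policy: str = "mask") -> ScanResult:
    """Hypothetical event handler: inspect a stored object and apply the chosen policy."""
    text = data.decode("utf-8", errors="replace")
    hits = scan_text(text)
    if not hits:
        return ScanResult(name, 0, "keep", data)
    alarm = "%s: %d card number(s) found, policy=%s" % (name, len(hits), policy)
    if policy == "mask":
        masked, _ = redact_text(text)
        return ScanResult(name, len(hits), "mask", masked.encode("utf-8"), [alarm])
    if policy == "delete":
        return ScanResult(name, len(hits), "delete", b"", [alarm])
    # Any other policy: leave the object untouched and escalate to the DPO.
    return ScanResult(name, len(hits), "notify", data, [alarm + "; DPO review requested"])


if __name__ == "__main__":
    # Constructed sample: one real-looking (Luhn-valid test) PAN and one that only looks like one.
    sample = b"card 4111 1111 1111 1111, order 1234 5678 9012 3456, ref 20180525001"
    result = handle_object("invoice-0042.txt", sample, policy="mask")
    print(result.action, result.findings, result.content.decode())
```

The Luhn check is what keeps the alarm rate usable: a bare 16-digit regex would flag order numbers, tracking IDs and timestamps. Masking keeps the last four digits, which is the usual form in which a PAN may be displayed, but whether masking, deletion or encryption is the right action is a policy question for the data protection officer, not something the storage layer should decide on its own.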
A couple of recent comments about GDPR:
Official GDPR website: