• About Us
  • Partnership Opportunities
  • Privacy Policy

Data Center Frontier

Charting the future of data centers and cloud computing.

  • Cloud
    • Hyperscale
  • Colo
    • Site Selection
    • Interconnection
  • Energy
    • Sustainability
  • Cooling
  • Technology
    • Internet of Things
    • AI & Machine Learning
    • Edge Computing
    • Virtual Reality
    • Autonomous Cars
    • 5G Wireless
    • Satellites
  • Design
    • Servers
    • Storage
    • Network
  • Voices
  • Podcast
  • White Papers
  • Resources
    • COVID-19
    • Events
    • Newsletter
    • Companies
    • Data Center 101
  • Jobs
You are here: Home / Executive Roundtable / Roundtable: What Has the GDPR Meant for Data Centers?

Roundtable: What Has the GDPR Meant for Data Centers?

By Rich Miller - June 20, 2018

LinkedinTwitterFacebookSubscribe
Mail

Today is day three of our Data Center Executive Roundtable, a quarterly feature showcasing the insights of thought leaders on the state of the data center industry, and where it is headed. In today’s discussion, our panel of experienced data center executives – Randy Rowland of Cyxtera, Dana Adams of Iron Mountain, Joel Stone of RagingWire, Samir Shah of BASELAYER, and Eric Ballard of Stream Data Centers – discuss the impact of the arrival of the GDPR and the future of data privacy regulation on the data center industry.

The conversation is moderated by Rich Miller, the founder and editor of Data Center Frontier.

JOEL STONE, RagingWIre

JOEL STONE, RagingWIre

Joel Stone, RagingWire: The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018 with over 100 separate articles that have to be addressed; the bulk of which concern the privacy, protection, and handling of data about EU citizens.

In the U.S., most data protection issues are familiar to anyone who has worked under PCI DSS, ISO 27001, or NIST regulations, so these are fairly readily addressed. That said, “72 hour breach reporting” has caused both legal and IT departments to up their game. IT and legal teams are now on the hook to analyze whether exposed or affected data can cause “risk to the rights and freedoms” of EU data subjects. Of course, these rules apply across all industries, and aren’t specific to data center providers.

Methods of consent and data collection must change. Companies can no longer bury language about how they are going to leverage user data in a separate and long “End User License Agreement” or “Terms and Conditions” document. Those methods have to be “Freely given, specific, informed, and unambiguous.” So that means companies may change how they collect and use Personally Identifiable Information.

I’d say it’s highly likely that we’ll see similar privacy regulations in the U.S. After so many breaches, U.S. citizens are worried about data collection and analytics methods conducted not just by businesses, but also the government.

Unlike in the EU, the U.S. doesn’t have a single comprehensive federal law regulating the collection and usage of personal data. However, lawmakers are continually pressing for revisions to existing data handling standards such as PCI DSS, ISO 27001, and laws and regulations such as NIST, the Federal Trade Commission Act (FTC Act), Children’s Online Privacy Protection Act (COPPA), and HIPAA HITRUST.

Simply put, yes, we’ll likely see an increase in similar privacy regulations in the U.S. We can only guess at the impact, but we believe they may be similar to the new EU regulations now in place.

Dana Adams, Vice President and GM of Data Centers, Iron Mountain

Dana Adams, Vice President and GM of Data Centers, Iron Mountain

Dana Adams, Iron Mountain: We think it is very unlikely that we will see a GDPR-like law in the US since we don’t have omnibus privacy law in the US. Instead, we have sector specific laws and also federal and state laws that will address some of the GDPR concepts and potentially give consumers more control over their personally identifiable information (PII). Data center providers who do not access customer data need to take certain precautions to comply with GDPR, but are not likely to be significantly impacted by the new laws if they already run a robust security and compliance program.

The key requirements for providers include maintaining a formal information security program that among other controls specific to the service offering, ensures the appointment of a Data Protection Officer, and incorporates incident response management, third-party oversight, periodic risk assessments and relevant training to all users. It also requires the establishment and execution of a Data Processing Agreement between providers, customers and related entities that specify the services in scope and each entity’s responsibilities as they pertain to the business relationship.

Eric Ballard, Vice President, Network & Cloud for Stream Data Centers,

Eric Ballard, Vice President, Network & Cloud for Stream Data Centers,

Eric Ballard, Stream Data Centers:  GDPR has been another opportunity to validate that the process and procedures that we already had in place were ready to tackle GDPR with minimal tweaks, more on the reporting side. With the advent of more and more information being available on people and their lives (whether it be shared by them or being gathered via their activities by third parties), the regulation landscape will change and become more rigid.

Governments are just starting to figure out what many of us have known for a long time, and with some very public exposures of user data it has created a distrust of providers and how they safeguard data that they control. This will all lead to a more transparent view of what is collected and stored, and hopefully how it is used. For the data center industry, there will be additional regulations to follow, and additional audits and verifications to achieve, but we are already ahead of the game versus many industries.

Samir Shah, VP of Product Management, BaseLayer

Samir Shah, BASELAYER: It is hard to predict political and regulatory trends in the US and other regions. But companies looking to do business with EU citizens will be forced to address GDPR in a short timeframe.

One clear short-term result from this regulation will be the need for a multi-zone data center strategy. In this new paradigm, having a consistent unit of data center deployment will be critical to ensuring deployment speed, uniformity, and cost structure savings across a distributed geographic footprint.

Randy Rowland, President of Data Center Services at Cyxtera

Randy Rowland, President of Data Center Services at Cyxtera

Randy Rowland, Cyxtera:  While too early to determine the exact impact of GDPR on data center providers and their customers, we have certainly seen that providers must take account of the methods and extent of their data collection practices.

This will allow data center service providers and their customers to determine where the collection and transfer of Personal Data (as defined in the GDPR) may require remedial action on their part to comply with GDPR.

NEXT: How the rise of edge computing will impact data center infrastructure.

Keep pace with the fact-moving world of data centers and cloud computing by following us on Twitter and Facebook, connecting with me on LinkedIn, and signing up for our weekly newspaper using the form below:

LinkedinTwitterFacebookSubscribe
Mail

Tagged With: BASELAYER, Cyxtera, GDPR, Iron Mountain, Privacy, RagingWire Data Centers, Stream Data Centers

Newsletters

Stay informed: Get our weekly updates!

Are you a new reader? Follow Data Center Frontier on Twitter or Facebook.

About Rich Miller

I write about the places where the Internet lives, telling the story of data centers and the people who build them. I founded Data Center Knowledge, the data center industry's leading news site. Now I'm exploring the future of cloud computing at Data Center Frontier.

  • Facebook
  • Instagram
  • LinkedIn
  • Pinterest
  • Twitter

Voices of the Industry

Building an Enduring World Begins with Accountability and Defining an Approach for Long-term Success

Building an Enduring World Begins with Accountability and Defining an Approach for Long-term Success TJ Faze, Head of ESG Strategy and Engagement at Vertiv, outlines the company's learnings around its recent ESG efforts.

White Papers

Bypass Architectures

Distributed and Centralized Bypass Architectures Compared

When designing a power protection scheme for data centers, IT and facility managers must ask themselves whether a distributed or centralized backup strategy makes more sense. Unfortunately, there is no easy answer to that question. Download the new white paper from Vertiv that explores the principle of centralized versus distributed bypass and applies it equally to standalone monolithic and integrated-modular UPS architectures.

Get this PDF emailed to you.

We always respect your privacy and we never sell or rent our list to third parties. By downloading this White Paper you are agreeing to our terms of service. You can opt out at any time.

DCF Spotlight

Data center modules on display at the recent Edge Congress conference in Austin, Texas. (Photo: Rich Miller)

Edge Computing is Poised to Remake the Data Center Landscape

Data center leaders are investing in edge computing and edge solutions and actively looking at new ways to deploy edge capacity to support evolving business and user requirements.

An aerial view of major facilities in Data Center Alley in Ashburn, Virginia. (Image: Loudoun County)

Northern Virginia Data Center Market: The Focal Point for Cloud Growth

The Northern Virginia data center market is seeing a surge in supply and an even bigger surge in demand. Data Center Frontier explores trends, stats and future expectations for the No. 1 data center market in the country.

See More Spotlight Features

Newsletters

Get the Latest News from Data Center Frontier

Job Listings

RSS Job Openings | Pkaza Critical Facilities Recruiting

  • MEP Coordinator - Data Center Construction - Ashburn, VA
  • Data Center Facility Engineer - Chantilly, VA
  • Data Center Site Operations VP - Seattle, WA
  • Senior Electrical Engineer - Data Center - Denver, CO
  • Senior Estimator - Data Center Construction - Denver, CO

See More Jobs

Data Center 101

Data Center 101: Mastering the Basics of the Data Center Industry

Data Center 101: Mastering the Basics of the Data Center Industry

Data Center Frontier, in partnership with Open Spectrum, brings our readers a series that provides an introductory guidebook to the ins and outs of the data center and colocation industry. Think power systems, cooling, solutions, data center contracts and more. The Data Center 101 Special Report series is directed to those new to the industry, or those of our readers who need to brush up on the basics.

  • Data Center Power
  • Data Center Cooling
  • Strategies for Data Center Location
  • Data Center Pricing Negotiating
  • Cloud Computing

See More Data center 101 Topics

About Us

Charting the future of data centers and cloud computing. We write about what’s next for the Internet, and the innovations that will take us there. We tell the story of the digital economy through the data center facilities that power cloud computing and the people who build them. Read more ...
  • Facebook
  • LinkedIn
  • Pinterest
  • Twitter

About Our Founder

Data Center Frontier is edited by Rich Miller, the data center industry’s most experienced journalist. For more than 20 years, Rich has profiled the key role played by data centers in the Internet revolution. Meet the DCF team.

TOPICS

  • 5G Wireless
  • Cloud
  • Colo
  • Connected Cars
  • Cooling
  • Cornerstone
  • Coronavirus
  • Design
  • Edge Computing
  • Energy
  • Executive Roundtable
  • Featured
  • Finance
  • Hyperscale
  • Interconnection
  • Internet of Things
  • Machine Learning
  • Network
  • Podcast
  • Servers
  • Site Selection
  • Social Business
  • Special Reports
  • Storage
  • Sustainability
  • Videos
  • Virtual Reality
  • Voices of the Industry
  • Webinar
  • White Paper

Copyright Endeavor Business Media© 2022