The GDPR Effect – Why US Businesses Need to Pay Attention

Toward the end of May, companies worldwide sent out emails informing customers of updates to their data privacy policies. These emails were in response to something called GDPR, which stands for the General Data Protection Regulation. It is a European Union regulation that requires organizations that store sensitive customer data to take appropriate measures to ensure they protect it and keep it private. Not an unreasonable request. The legislation impacts businesses of all sizes and IT organizations need to pay attention.

Why US Businesses Should Care About GDPR

A strict interpretation of the regulation leads one to believe that a US business that has a presence in Europe or stores the data of a European citizen must follow the regulation’s guidelines, at least as it relates to those citizens. How strictly to interpret GDPR is a topic of hot debate, but the reality is it is more than the components of GDPR about which US businesses need to be worried, it is also the GDPR ripple effect that extends far beyond EU borders.

A key reason that US-based businesses should pay attention to GDPR is the discussion GDPR has set into motion around data privacy. It is easy to imagine US citizens demanding the same levels of protection and privacy that Europeans get.

Another reason that US based businesses should pay attention to GDPR is organizations that have gone through the process of complying with the regulation are now using it as a marketing tool. One can hear the battle cry now, “Our US customers deserve the same protection as our European customers and with us they get it.” As that “you deserve data privacy” message gets out, the conversation around data privacy increases the volume of the battle cry. The reality is that once an organization has gone through the effort of creating a data management strategy that is in line with data privacy regulations, it is easier to make that policy applicable worldwide.

Attendees to our workshops ask me if the US has a GDPR-like policy waiting in the wings, that covers data privacy. My answer has been, “yes, eventually,” but the reality is that the government may not need to create such legislation, since competitive pressures will force businesses, of all sizes, regardless of their global presence, into compliance.

In our next entry “Developing a Storage Architecture for Data Privacy”, we’ll get into the storage aspects of developing a data privacy strategy. GDPR and future regulations place new requirements on data protection, retention, and deletion. These new requirements make some storage technology obsolete and make others an absolute necessity.

Twelve years ago George Crump founded Storage Switzerland with one simple goal; to educate IT professionals about all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought after public speaker. With over 25 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS and SAN, Virtualization, Cloud and Enterprise Flash. Prior to founding Storage Switzerland he was CTO at one of the nation's largest storage integrators where he was in charge of technology testing, integration and product selection.

Tagged with: , , , , , ,
Posted in Blog

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 21,893 other followers

Blog Stats
  • 1,256,482 views
%d bloggers like this: