Table of contents:
- A European law with global effects
- The country of the data does not matter
- Fines for those who leak data
At the end of May 2018, the new General Data Protection Regulation of the European Union, better known as, will enter into force GDPR Under this somewhat nondescript name hides comprehensive and demanding legislation to protect the personal data of Europeans, which can significantly affect all of us.
The privacy and the rights regarding our data are you're going to see heavily enforced, and the law forces even US companies to work with personal information of European users… despite the conflicts between different regulations They won't take long to explode. Google, Facebook, WhatsApp or Apple, not even the largest multinationals will escape the effects of the GDPR.
We have had the opportunity to chat about this topic with Alban Schmutzat the OVH Summit 2017, which we have recently discussed. Schmutz works within OVH so that both the company and its clients comply with the GDPR on time. OVH is part of the "back room of the Internet", its servers host millions of web pages and online services. It is a European cloud provider, so it has seen an opportunity in the countless companies now having to adapt to the GDPR.
The GDPR, in principle, does not leave many holes. It is mandatory, and the countries of the European Union do not have to include it in their laws, because it is applied directly. We citizens are going to see that we have the right to consult, delete and obtain a copy of any of our personal data In case a company suffers a security problem and they are leaked, the fines can be very high.
A European law with global effects
Some of the details of the GDPR will probably not be fully noticed outside of Europe, such as the new version of the controversial right to be forgotten that allows you to delete results from Google and social networks. But it is clear to Alban Schmutz that, in a global world, the GDPR is going to affect practically everyone A company, whether in Australia, South America or India, You must apply the terms of the GDPR to the data of your European customers.
A scenario is being handled in which the GDPR could become a de facto standard. Companies, to simplify their work, would apply it in their processes regardless of whether the personal data does not belong to citizens of Europe.
The problem with an extraterritorial law is that it can collide with others. In fact, the United States has extraterritorial laws such as the Patriot Act that are likely to generate conflicts, over all in third countries. For now, it is not very clear what will happen, but it seems clear that multilateral negotiations will be necessary.
The country of the data does not matter
OVH plans to open a data center in Spain during 2018, located in Madrid. We have asked Alban Schmutz if he thinks that users and companies will value the security of having the data in their own country. His answer was clear: after the entry into force of the GDPR, it will make no difference in that the data is in a place or other in the European Union, except for issues of national security or other strategic data.
OVH considers that there are no legal reasons for locating a server in one country or another Nor on a technical level, since security depends on how it is implemented, not the location, and within the European Union distances do not require as many data centers.
But Schmutz acknowledges that customers sometimes have different preferences, and that OVH will continue to grow. If there is demand for a data center in a certain country, it makes sense to meet it, even if the reasons are strictly business.
Fines for those who leak data
We have seen very serious data leaks in recent years, and the GDPR foresees very serious fines They reach up to 4% of billing worldwide number of companies affected, which in some cases can result in an exorbitant number. Alban Schmutz confirms that there is concern among companies.
Obviously they have an obligation to abide by the law, but with leaks only increasing, the European Union may be especially strict after the entry into GDPR, with hefty fines. It's a hypothetical scenario, but no company wants to risk being hurt if it becomes a reality.
There are many doubts regarding the GDPR, but it is clear that the Spanish, and Europeans in general, will be grantedmore rights and security regarding our personal data The General Data Protection Regulation of the European Union it will become mandatory in May 2018, and it is clear that we will have more news about it as the date approaches.
What do you think about the topic? Do we need this stricter data protection law, or do you think local regulations are enough?