& cplSiteName &

Top 4 GDPR Misconceptions

Andrew Froehlich
4/12/2018
50%
50%

When it comes to handling the European Union's General Data Protection Regulation (GDPR), there are two vastly different schools of thought. Some shrug off GDPR and assume that it doesn't apply to them. Others take the opposite approach and believe that their business will likely be shuttered if the regulation isn't followed to the letter. The truth obviously falls somewhere in between. In this article, we'll discuss four misconceptions regarding GDPR that will help point you in the right direction.

Misconception 1: Assuming compliance requests can be met
From a very high-level perspective, the goal of GDPR is to protect the data privacy of individuals within the EU. This includes business around the globe that collect and store data of EU citizens. Protections include an individual's "right to be forgotten," the ability for citizens to request and quickly receive their data collections, and the ability for individuals to identify and correct errors in the data. These may not be easy tasks for companies that collect and analyze personal data. IT leaders shouldn't simply assume that these requirements can be met. Instead, thorough testing should be performed to mimic these types of requests. A best-practice tip would be to treat GDPR regulation requests like disaster recovery testing. At a minimum of once per year, application and database administrators should perform mock user protection testing to verify that data deletion, reception and changes can be made in a timely manner.

Misconception 2: Where data should be stored
A key misconception regarding GDPR revolves around where and how data is stored. Some believe that as long as their collected data does not reside inside a European Union data center, they are exempt from the regulations. This is of course a false assumption. It's about the data, not the location where that data is stored. Much of GDPR was written specifically to handle data collection of organizations based outside the EU.

Yet just because GDPR regulations span the globe and require special considerations for EU member citizens, some IT security professionals take it too far and believe they must separate EU member citizen data from all other collected data and maintain EU data within EU data centers. It's important to note that if protections can be met, there's no reason to make drastic changes to collection and storage methods. There are ways to properly anonymize data to prevent the mosaic effect. When data protection is properly implemented, businesses should have no trouble complying.


Boost your knowledge of cloud-native software and innovations driving data center transformations! Join us in Austin at the fifth-annual Big Communications Event May 14-16. The event is free for communications service providers -- secure your seat today!


Misconception 3: Ignoring other global international regulations
IT departments often err by focusing solely on European Union regulations. GDPR is likely the first international regulation that will eventually become a large list. Countries including Australia, Japan and Singapore are also pursuing their own regulations. While some compliance factors may end up being the same, you can count on others to be more or less strict. So, assuming that because you comply with GDPR, your work is done is the incorrect mindset to have in 2018.

Misconception 4: Rushing to meet the May 25 deadline
One final aspect of GDPR that concerns many is the fact that enforcement starts May 25 of this year. That's not much time for those that haven't yet started preparing. However, it's highly improbable that the GDPR police are going to come banging on your door looking to see that the necessary protections are in place. Instead, GDPR enforcement is likely to be reactive and based on companies that announce data breaches once the regulations go into effect. If stolen data includes information on EU member citizens, it could trigger a compliance audit. So, technically, businesses could fly under the radar and reach compliance well after the May 25 deadline. This is obviously a risk. However, if you're rushing to meet the looming deadline when regulation begins, you're likely to make mistakes. Therefore, it may make sense to choose to miss being fully prepared by May 25 to ensure processes and procedures are put in place correctly.

Conclusion
It's so easy to jump to the extremes of either wasting time and money implementing massive changes to data collection and storage methods -- or ignoring the situation altogether. Instead, a level-headed approach is a far better mindset to be in. The EU is not out to get us. Instead, they've proposed logical and meaningful regulation to protect their citizens. We should be applauding that and assuming these types of regulations will soon take hold for many more regions around the globe. Although we as US citizens don't yet have these types of individual data rights, as global businesses that have EU member citizens within our data collection base, it's our duty to comply while also not going overboard.

Related posts:

— Andrew Froehlich is the President and Lead Network Architect of West Gate Networks. Follow him on Twitter @afroehlich.

(2)  | 
Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
Michelle
50%
50%
Michelle,
User Rank: Light Sabre
4/12/2018 | 10:08:54 PM
middle ground
This is a great post! I think you captured the two sides very well. While the regulation is far-reaching, it is nice to know that fines won't be the first course of action. 
sarcher60555
50%
50%
sarcher60555,
User Rank: Lightning
4/12/2018 | 3:02:03 PM
Exciting!
like paint drying.
Educational Resources
sponsor supplied content
Educational Resources Archive
More Blogs from Column
Why it makes sense for cable operators to distribute coherent packet-optical technology to the cable network edge.
How subscription streaming video downloads will keep mobile video viewers even more engaged.
5G's speed, latency and improved connectivity will bring a quantum leap to enterprise cloud capabilities for mobile users.
As healthcare, financial services, and education move to multicloud they face different security requirements.
Donald Trump's administration is denying China Mobile a US comms license on security grounds, but there's a much better reason to deny the giant Chinese operator access to the US market.
Featured Video
From The Founder
John Chambers is still as passionate about business and innovation as he ever was at Cisco, finds Steve Saunders.
Flash Poll
Upcoming Live Events
September 12, 2018, Los Angeles, CA
September 24-26, 2018, Westin Westminster, Denver
October 9, 2018, The Westin Times Square, New York
October 23, 2018, Georgia World Congress Centre, Atlanta, GA
November 6, 2018, London, United Kingdom
November 7-8, 2018, London, United Kingdom
November 8, 2018, The Montcalm by Marble Arch, London
November 15, 2018, The Westin Times Square, New York
December 4-6, 2018, Lisbon, Portugal
All Upcoming Live Events
Hot Topics
Telecom Jargonosaurus Part 1: Repeat Offenders
Iain Morris, News Editor, 7/13/2018
Broadcom Buys CA – Huh?
Mitch Wagner, Executive Editor, Light Reading, 7/11/2018
Verizon Taps Malady as Acting CTO
Dan Jones, Mobile Editor, 7/12/2018
FCC's Rosenworcel: US 'Falling Behind' on 5G
Iain Morris, News Editor, 7/13/2018
Netflix Is Growing, but Don't Ask by How Much
Phil Harvey, US News Editor, 7/16/2018
Animals with Phones
Casual Tuesday Takes On New Meaning Click Here
When you forget your pants.
Live Digital Audio

A CSP's digital transformation involves so much more than technology. Crucial – and often most challenging – is the cultural transformation that goes along with it. As Sigma's Chief Technology Officer, Catherine Michel has extensive experience with technology as she leads the company's entire product portfolio and strategy. But she's also no stranger to merging technology and culture, having taken a company — Tribold — from inception to acquisition (by Sigma in 2013), and she continues to advise service providers on how to drive their own transformations. This impressive female leader and vocal advocate for other women in the industry will join Women in Comms for a live radio show to discuss all things digital transformation, including the cultural transformation that goes along with it.

Like Us on Facebook
Twitter Feed