In May 2018 the GDPR, the new regulation on the processing of users' data in all EU Member States, came into force. Its main purpose is to give all European citizens complete control over their personal data, while simplifying the regulatory framework for the companies that have the task of managing such data.
The GDPR replaces the previous data protection directive. The principles remain fundamentally unchanged, but the regulation takes into consideration the numerous changes that have taken place in the digital world in recent years.
GDPR: data protection directive
This change certainly did not go unnoticed. Users have seen their inboxes fill with messages from companies announcing that their privacy policies had been adjusted in accordance with the European regulation on the protection of personal data. Every company operating in the European territory must guarantee greater transparency about how it processes the data of the data subjects, which requires an update of its own policies on the subject.
Not only large companies but also owners of websites and web services must comply with the GDPR. It is therefore important to study the new European regulation and get into compliance. In most cases, companies have had to contact a lawyer, who is in charge of managing all the procedures needed to regulate the processing of the data of customers and users of the services offered. This procedure is not painless for companies, which must rely on specialists to protect themselves from any partial non-compliance. The expense of an operation of this magnitude is not insignificant and is certainly out of reach for the small businesses that operate on the web. Therefore, to reduce costs it is advisable to rely on partners operating in the European territory.
The new regulation highlights three main points:
- Consent: people residing in the European Union must be informed clearly, in simple and understandable language, of all the conditions that govern the collection and processing of data during the use of a service. In addition, explicit user consent is required and it is mandatory to declare how the requested data will be processed.
- Extraterritoriality: data protection regulations must be applied to all companies that offer goods or services and manage the data of persons residing in the European Union. What matters is therefore not the headquarters of the company that processes the data (as was believed), but the residence of the data owner.
- Sanctions: companies that do not comply with the regulation are subject to fines that can amount to up to 4% of annual turnover.
Aruba, one of the leading companies in the Italian market for web, cloud and dedicated server domains, offers companies useful services to reduce the risks of processing personal data, helping its customers to comply with the new European regulation.
Aruba's services to simplify compliance with the GDPR
All companies that want to operate in the European territory must comply with the legislation on user privacy. Aruba is a company with its registered office in Italy that manages its customer database in our country. Moreover, all its data centers are located in Europe: to be precise, 3 are in Italy and another 5 in the European community.
Aruba offers various Cloud services that help simplify compliance with the GDPR. In fact, there are different circumstances in which you have to manage user data, often without realizing it.
Let's try to give an example. A small business that operates online buys two cloud spaces: the first is used to offer website services to customers, the second is used as a backup space. We take it for granted that in both cloud environments user data is treated in compliance with the law. To keep a backup on the second space, a service must take all the data from the first server and transfer it to the second. This transfer can take place in different ways. The simplest is to transfer the data unencrypted. This mode would allow anyone to intercept the transmission and access sensitive information. This solution, in addition to representing a security flaw, also violates the European privacy regulation.
Aruba Cloud Backup
To solve this problem, Aruba offers a Cloud Backup service through which it is possible to create automated backups that meet the specific data processing security measures required by law. In particular, all data is encrypted according to the AES standard and transmitted via an encrypted SSL channel.
A second aspect to consider is the location of the data. From what we read in the European legislation, the GDPR does not oblige companies to keep all data in European data centers; it only asks that data conveyed in the European Union be treated as provided for by the legislation. If some data is physically located on European soil and must be transferred to international servers, it is necessary to request the consent of all interested users. This leaves the business owner to worry about the procedure to follow in order to process the personal data of these users in accordance with European legislation.
On this aspect too, Aruba makes data storage completely transparent. The cloud services offered are activated within the borders of the European Union. Therefore, customers who rely on Aruba for a cloud service have no reason to worry about where the data will be stored or how it would have to be treated if the data centers were located in countries outside Europe. For more details on the services offered by Aruba to simplify compliance with the GDPR, I recommend reading this page.
Do you have a small business? Did you know about the issues concerning the GDPR? Are you completely compliant with the European regulation? Let us know in the comments on this article.