Hello, how are other customers preparing for GDPR compliance? I have gone through the GDPR text and am constantly confused by its applicability to non-EU organizations. Not looking for legal advice, but given the ambiguity and the inevitable need to adapt to whatever GDPR brings, I'm interested in the architecture approach. Any insights on this topic will be incredibly helpful.
Yes, the May 2018 deadline looms along with the impacts. Depending on your particular industry and circumstances, the game plan may vary. At a high level, the ‘General Data Protection Regulation’ is about protecting personal data location, how it’s stored and controlled (see the EU's GDPR website).
Controls and accountability regulations are fairly granular to the country level. Because of this, you need to know where any personal data is stored, which may or may not exclude storing it in public cloud, depending on the location guarantees you can get from public cloud providers. You may need private storage that is colocated to make it easier for programs running in the cloud to compute on the data (not keep it). The colocation allows you to lock the data down. Example: if someone from outside the country (cloud or internet) wants to access the data, they can't, because the policy controls are locally enforced.
I hope this helps as a first pass; let me know if you want to dive deeper on a topic.
Thanks for the reply. What are the most common areas of risk and ways to address them? Can you point to specific docs or resources that explain/illustrate what you wrote?
Considering the content we have on IOAKB, I suggest taking a look at the Security and Data blueprints:
Security Blueprint - the entire security blueprint is focused on creating a zero trust boundary and inspection zone at the digital edge, which is the interconnection control point for clouds, partners and users.
Data Blueprint - the data blueprint assumes and therefore leverages the design patterns delineated in the security blueprint.
Please let me know if you need more guidance on this content. And best of luck with GDPR!
GDPR compliance is applicable to any organisation that is processing EU citizens' data, irrespective of whether it is in the EU or not. Certain countries outside of the EU are covered by the 'Adequacy' clause, which means they already have in place country-specific legislation that complies with EU GDPR guidelines. These countries are: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Isle of Man, Israel, Jersey, New Zealand, Switzerland, Uruguay.
Non-EU countries not on this list are classified as 'Third Countries' and will require separate contracts between themselves and organisations that are selected as Data Processors. Some info here, but also check with your company's Data Protection Officer or legal team for any derogations.
Hello - marekmoszynski, excellent points. I'd like to build upon the solid guidance Marek provided with some particular points in the Security, Data and Application blueprints as they relate to addressing the challenges that GDPR poses and the benefits that an IOA-first strategy can bring.
Good points here.
But it's also good to look at GDPR as a help to improve marketing in general too, or as Alan Coleman, CEO of Wolfgang Digital, says ...
"GDPR is great for marketing ... The elephant in the room is this: most advertising is crap. We all know this to be true. GDPR forces brands to get more creative in how they deliver brand experiences that have their audience requesting more. Greater rewards for great marketing."
rorymurphy Thanks for sharing! Agreed. The power of the consumer & user experience can't be underestimated (table stakes for digital).