If you’ve never heard of the European Union’s General Data Protection Regulation, we’re not surprised. But very soon, plenty of businesses will be wanting to make very certain that they don’t fall foul of it. Why? Because the EU General Data Protection Regulation has teeth.
And those teeth can take a big bite out of a business’s profits. Indications are that the penalty regime will be a tough one, with fines of up to €100 million, or 5% of worldwide turnover, and a liability that is shared between those companies that ‘own’ data, and those who host that data on their behalf.
Now, let’s be clear. The EU General Data Protection Regulation isn’t yet in force. But the legislators in Brussels are putting the finishing touches to it, and the EU’s European Council is aiming to see it adopted inside the next year, after which it will come into force over the following two years.
And importantly, it’s a ‘Regulation’, not a ‘Directive’. In Euro-speak, this means that it takes effect immediately, right across all of the EU’s 28 member states, without the need for each member state to draft its own legislation.
The EU General Data Protection Regulation: data protection matters
Every business likes to think that it takes data protection and IT security seriously. Despite which, security breaches continue to occur, with high-profile attacks at companies such as Sony Pictures and American retailer Target showing just how vulnerable businesses might be.
And it’s precisely those sorts of breaches that the EU General Data Protection Regulation is designed to address: specifically, IT security breaches which compromise the data protection and privacy of private citizens.
Its guiding principles underscore this very firmly:
- Consumers must have confidence in ‘privacy by default’
- Consumers must give explicit permission for their data to be processed
- Consumers have a right to know about data breaches—and must be informed in a timescale that could be as short as 24 hours.
Fail to comply—or, even worse, fail to comply and suffer a security breach—and, well, that’s where those fines come in.
The EU General Data Protection Regulation and Business Intelligence
Now, the data that a business holds on its customers—those consumers—is (hopefully) securely held on its ERP system, and its CRM system if it has one.
But that transactional data isn’t necessarily the only place that consumer data is held. Because in many businesses, reporting and analytics take place on separate systems, often on a slew of spreadsheets and Access databases scattered around the business.
And it’s here—rather than the ERP or CRM systems—that the greatest danger lies.
To be sure, it’s always possible that a hacker might access your ERP or CRM system from outside, and steal data. Certainly, businesses routinely put in place protective systems to guard against that possibility—although as Sony Pictures and Target will tell you, those security measures don’t always work.
But a far bigger danger comes not from outside threats, but ‘inside’ accidents.
A sales manager leaves a laptop computer on a train, for instance. Or a sales representative has a laptop computer stolen from their car. Or a sales analysis spreadsheet file is copied to a USB memory stick—and now, no one can find the memory stick.
In short, the risks are very evident. But what to do?
The EU General Data Protection Regulation: the logic of a single secure data repository
Here at Matillion, we see the EU General Data Protection Regulation as just one more reason for moving away from crude on-premise approaches to reporting and analytics—especially if spreadsheet-based—and moving to a full Business Intelligence solution.
And critically, a Business Intelligence solution built around a data warehouse—a single, designed-for-reporting, secure repository of all your data.
Against which, reports are run on demand by users—but the data itself remains secure in the data warehouse, and not scattered around people’s desktop and laptop computers.
And the best place to have that data warehouse? The Cloud.
EU General Data Protection Regulation: store your data in the Cloud
It’s not difficult to see why.
It’s now generally accepted, for instance, that Cloud-based security regimes are tighter than on-premise security provisions. That’s one reason that Cloud provider Amazon Web Services—which hosts Matillion’s data warehouses and Cloud BI solutions—is now a $5 billion business, of course.
Furthermore, all the data in Matillion’s Cloud data warehouses is ‘encrypted at rest’—meaning that it’s stored in an encrypted form, rendering it unreadable except by those with authorised access.
Moreover, Cloud data warehouses can be up and running in a matter of a few weeks, flexibly scaled to fit your data and reporting needs, and paid for with a single affordable monthly subscription. No additional server to buy, no data warehouse software or middleware to buy, and no lengthy implementation projects.
Want to know more? Download one of our free e-books, or browse our customer case studies. Don’t forget: the EU General Data Protection Regulation is coming—along with those punitive fines for security breaches.