Call us on +44 (0) 1708 338186

  • Contact us
  • Search

Find Us

Sales and Marketing

50 Eastcastle Street

Registered Office

Witan Gate House
500-600 Witan Gate West


Data centres and GDPR

Posted by on May 30, 2018

The countdown is on. With a month to go before the General Data Protection Regulation (GDPR) becomes enforceable, data centres must be aware of the crucial role that information asset management managers will play in complying with this legislation.

These managers will need to display due diligence in processing customer data and ensure that the regulations are being adhered to – as, in the event of a lapse or breach, businesses will need to pay eye-watering fines of up to 4 per cent of their annual global turnover or €20 million.

Companies need to keep their data governance practices in good order and store data in centres that are protected, to ensure that the processing of personal data is done safely and securely.

The pain points of the new regulation can be broken down into four main areas:

The data itself. As GDPR enforcement has been approaching, many companies have been checking through their customer data to ensure that all information is up to date and relevant and easily accessible – and time has nearly run out to finish off this process. GDPR will give any individual the right to access their personal data and supplementary information and be able to verify the lawfulness of the processing, which they can do by filing a Subject Access Request (SAR). If the data held breaches GDPR laws, it could result in hefty fines.

Access to the data. In the event of a company being sent an SAR by a consumer, that organisation needs to respond with this information in a timely manner, to comply with legislation. Thus, they need to be able to guarantee that they can access all customer data at all times. This involves using data centres that are running at optimal levels and are essentially working as they should. If there is a breach or power outage, all personal data must subsequently be fully restored.

Monitoring the data. As organisations check their data, slim down their mailing lists and update their records, the addition or removal of physical or virtual assets must all be tracked. Ignoring asset management could mean wasting energy on zombie servers (a physical server that is running but has no external communications or visibility and contributes no computer resources) – or incurring huge fines where due diligence is not being demonstrated.

Ensuring data processing is safe. One of GDPR’s 99 articles outlines the need for companies to regularly test, assess and evaluate processes to ensure the safety of data processing. This extends past data breaches and cyber-attacks to include power failures, network downtime and natural disasters. To maintain security, data centres must ensure that they meet – if not exceed – service level agreements. Even physical location should be considered, when setting a data centre up – and any sites vulnerable to floods or other natural disasters should be avoided.