By Bernie Cahiles-Magkilat
Companies that are expanding their footprint in the European Union (EU) are already taking steps to make their clients aware of the new data privacy rules under the EU General Data Protection Regulation (GDPR).
Data privacy was highlighted at the recent SuiteWorld 2018, a global gathering of NetSuite clients, stakeholders and media hosted by Oracle NetSuite in Las Vegas, as the stricter and more stringent EU GDPR takes effect on the 25th of this month. SuiteWorld has dedicated a session on “Privacy in the Cloud: The EU GDPR.”
Evan Goldberg, executive vice president of Oracle NetSuite, stressed the need to feature data privacy in the EU during the event because the world’s pioneer in the cloud computing revolution is aggressively expanding its presence in the 28 member states of the EU.
“We are expanding our footprint in Europe,” said Goldberg, giving the major reason for taking the opportunity to discuss the EU’s GDPR during SuiteWorld 2018.
At SuiteWorld, NetSuite announced plans to more than double its data center footprint from five data centers globally to 11. NetSuite currently operates five data centers: three in North America, one in Amsterdam, Netherlands and one in Dublin, Ireland. NetSuite expects to add a fourth North American data center in Chicago.
As part of the global expansion plans, NetSuite will leverage existing Oracle data centers in Europe and Asia. In Europe, NetSuite is scheduled to open a data center in Frankfurt, Germany to remedy the lack of modern cloud-computing offerings in the country. In Asia Pacific, NetSuite plans to initially launch facilities in Australia and Singapore, followed by Japan and China. The addition of Oracle data centers to NetSuite’s operations will provide even greater security, redundancy, performance and scalability for new and existing customers across the globe.
NetSuite expects to double its global presence, expanding from offices in 10 countries to 23 spread across the globe. The addition of Oracle’s field offices significantly increases NetSuite’s ability to meet the rising demand for cloud ERP around the world.
NetSuite is establishing a new presence in Argentina, Brazil, Colombia, Chile, Mexico, France, Germany, Sweden, Dubai, China, India, Malaysia and New Zealand.
“Certainly, we’re doing things. It’s important. I think the whole world will go towards these rules,” Goldberg said, citing the recent events where Facebook was questioned for improperly sharing personal data of users.
Forum speakers Aidan Parisian, director for Risk and Compliance Solutions, Fastpath Inc., and Rae Gaerland, Oracle senior manager for compliance, tried to explain the relevance and importance of GDPR to Oracle NetSuite stakeholders. They discussed the key requirements for preparing for the GDPR, including examples of managing access controls.
Gaerland noted that the EU’s GDPR applies to any company that collects, processes or stores personal data of EU citizens, regardless of where it is based.
The GDPR is meant to protect the rights of EU citizens to privacy of their personal data. There are also corresponding fines for companies that violate the rules. Continued violations will result in a ban on entry into, or continued operations in, the EU market.
Gaerland noted that the EU GDPR law is new so every requirement is based on objective interpretation.
Her understanding is that the privacy rules cover any personal data coming out of Europe. Gaerland also advised the audience to keep just the data they needed.
Data privacy can be tricky, though, as Gaerland said that access is considered transfer even if there is no actual data transfer at all, and that data viewed can also be considered data transfer.
The GDPR requires accreditation, which means countries need to seek “adequacy status” from the EU to enable the free flow of information with the EU.
Data adequacy is a status granted by the European Commission to non-EEA (European Economic Area) countries that provide a level of personal data protection that is “essentially equivalent” to that provided in European law. It can also be awarded to specified sectors of an economy or international organizations.
Once a country is granted “adequacy status,” personal data can be transferred freely between EEA member states, which include all EU countries. But personal data is allowed to leave the EEA only if the Commission judges there to be sufficient protection for this data in the destination country. When a country has been awarded the status, information can pass freely between it and the EEA.
This regulation has been enshrined under EU’s 2016 GDPR, which provides some additional safeguards around how individuals’ data is used. It harmonizes data protection laws across the EEA, as well as updating and expanding the scope of existing data protection regulation, much of which is two decades old.