Post-Brexit: how has data protection compliance changed?

While much of The European Union’s General Data Protection Regulations (GDPR) have been incorporated into UK law, it’s still important to consider what has changed in terms of how companies – particularly UK-based ones – ensure compliance to data protection regulations. It was argued in 2017 by Index Engines that GDPR puts personal data back in the hands of citizens. This raises the question: “Does this still apply?”

No matter what has changed, one challenge will remain: organisations’ ability to find business and legal-critical information within their vast unstructured data stores. Then there are the decisions about when to delete and where to store it, when to modify and rectify it. This is a complex issue now involving multiple petabytes of data, and organisations have no real understanding of what their unstructured data contains. With this top of mind, there is arguably a need for Wide Area Network (WAN) acceleration to gain the ability to find and move data around at high speed by mitigating latency and packet loss. This works to provide quicker data access and retrieval.

Three years down the track – is GDPR enough to protect our data?

Rob Price, principal expert solutions consultant and global lead for risk & compliance at Snow Software, discusses whether GDPR is enough to protect our data. Read here

Two classes of GDPR

David Trossell, CEO and CTO of Bridgeworks, comments: “Whilst the UK has committed to the adequacy on Brexit, it has created two classes of GDPR for UK companies: the UK’s GDPR and, for those handling European citizens, there is the EU’s original GDPR.” He explains that the free data transfer bridge came to an end on 30th June 2021 and, since then, there have been murmurings about the UK government’s intension to remove some of the requirements of GDPR in the UK.

“This prospect is strange, as it was the UK that started the whole GDPR initiative”, he says before adding: “By creating two classes of GDPR, organisations find that they have considerable work to segregate the two distinct groups and rules. As many countries have adopted the GDPR rules, it looks like the UK is once again alone in having different rules from everyone else.”

To add to what he describes as “confusion”, Trossell reveals that the EU is now contemplating GDPR 2.0 rules for AI. Yet there is some consistency. For example, Maurice Stewart-Ashley, sales director for EMEA and APAC at Index Engines, says there have not yet been any changes to the penalties that have been instigated, but this area will be a focus in the coming years.

Data volume growth

Data volumes are always going to change and grow. So, to what extent have they grown since 2017, and do organisations have a bigger challenge than in 2017 with finding personal and sensitive data? Stewart-Ashley believes that data continues to grow at an exponential rate. “Unstructured data, by its very nature, is the hardest to control and search with multiple petabytes now being the norm. All organisations spend inordinate amounts of time trying to manage and control this data,” he explains, before commenting that this demands very high levels of investment in hardware, software licences and, of course, space, power and environmental requirements.

Marketing strategies can benefit from AI-based unstructured data analysis

Michael Michalis, CEO of DigitalMR, discusses how AI-based unstructured data analysis can make marketing strategies more nuanced. Read here

Freeing unstructured data

Organisations also have a need to free up their data. This is because unstructured data often resides on tape. He explains that a local area network (LAN) can be indexed, managed, reduced and, in conjunction with Bridgeworks, even exceptionally large data quantities can be migrated to a low-cost platform, freeing up capacity and reducing licence needs: “This indexing process can provide full control of this data with the ability to defensibly delete and search instantly across the enterprise down to the file level for compliance or GDPR requirements.”

By freeing up their unstructured data, organisations can find, create and deliver increased business value. Here are Stewart-Ashley’s top 5 tips on how to achieve it:

  1. Index and then only retain business and legal-critical data – this can remove 60% of existing ROT and duplicated data.
  2. Ensure the remaining data is instantly searchable for business and compliance reasons.
  3. Ensure any restores can be completed in seconds to meet compliance SLAs.
  4. Maintain existing data retention policies in place to age out old data.
  5. Retire all legacy environments and index/move data to simplify and remove costs.

Cloud migration decisions

It’s also important to consider migration decisions; the need to move data to the cloud and its impact on data management strategies, policies, challenges, costs and outcomes. Trossell comments: “Cloud has been notorious for leaking details with poor security – this has got to be a concern for many companies using the web for data storage. In fact, many are now considering moving out of cloud data storage.”

Stewart-Ashley points out that whenever a malware attack occurs, the ‘restores’ place significant demands on bandwidth and unacceptable time delays in terms of data retrieval and transmission. This can potentially cause severe financial and operational pain and, in turn, accelerates the move to on-premise retention protected by air-gapped vaults.

He says the malware landscape has changed dramatically, and so “with incidences well publicised, there is now a very real, daily threat to all organisations” and so the focus on GDPR increased. These malware attacks are encrypting data, while also releasing company’s data to the world, which impacts on GDPR. Yet, compliance to the regulations will, in my experience, deliver “cost, manageability and security benefits that far outweigh the cost of implementation, which is a rare occurrence!”.

WAN acceleration’s role

So, what role can WAN acceleration play in data management and data protection compliance? Trossell responds: “Moving data out of the data centre is always painfully slow – especially if it is electronically over WANs, as much of GDPR data needs to have strong encryption to prevent data leakages, which means those that have relied on WAN optimisation in the past find it gives little or negative benefits to performance. The only option is WAN acceleration, as it preserves the immutable image of the data.”

In essence, not much has changed since Brexit began, but some changes might still occur over the course of time. No matter what happens in the future with the two types of GDPR, organisations will still need to have the ability to back up, restore, move, retrieve and find data at speed.

To bolster compliance – even if an organisation deploys SD-WANs, it’s imperative to mitigate the effects of latency and packet loss. This often doesn’t require more bandwidth because WAN acceleration can significantly improve bandwidth utilisation by using artificial intelligence, machine learning and data parallelisation. Even SD-WANs can be enhanced with WAN acceleration overlays, helping organisations to accelerate their data to, for example, the cloud while maintaining data protection regulatory compliance.

Written by Graham Jarvis, freelance business and technology journalist

Editor's Choice

Editor's Choice consists of the best articles written by third parties and selected by our editors. You can contact us at timothy.adler at stubbenedge.com