On May 25, 2018, a modern data privacy regime introduced by the new EU data protection law known as the General Data Protection Regulation (GDPR) will go into effect. It will replace the Data Protection Directive 95/46/EC, which has been in force for the last 20 years.
Lots of EU companies have been outsourcing all around the world for decades, taking care of data security mostly based on their own policies and internal rules. And it was all working fine.
So what now? How do you deal with outsourcing under these new rules 🤷‍♀️?
Should companies continue working with non-EU companies, having them host, develop and manage their systems and data? Why not simply 🚫 abandon any external access to be 100% sure you are all good with GDPR?
On the one hand, such a move will rapidly solve the problem, but on the other, it will definitely be followed by extra 💰 budget implications, especially if you decide to keep the experienced manpower.
The answer to this issue may be 💡 tricky and mostly specific to the nature of the company’s business. Say, you can limit access to personal user data by splitting the access geographically. When dealing with software development, you can automate such data manipulations (say, data updating or structuring). Also, you can anonymize (not only encrypt) the data while hosting it remotely.