Sheila M. FitzPatrick: GDPR is an Evolution, not a Revolution
by Josh Anderson
DUBLIN, IRELAND — GDPR is already impacting practically everyone in the digital arena. And if nothing else, that means that the data center industry survived May 25th. So CapRE invited Sheila M. FitzPatrick, President and Founder of FitzPatrick & Associates, to the Third Annual Ireland and Emerging Markets Data Center Summit in Dublin in July to provide a keynote presentation titled “The Impact of GDPR, Data Privacy and Protection Laws on Cloud Adoption and Role of the Data Processor.”
“Data centers are absolutely needed in today’s world, and I’m going to talk about what the impact of GDPR is going to be,” began Sheila, after asking the room to self-identify with a raised hand whether they are a data center operator, cloud service provider or other.
“I’m going to talk a little bit about what GDPR is and what it isn’t,” she shared. “There are a lot of myths out there and there’s been a lot of scare-mongering going on, and hopefully we can clear some of that up. I’m also going to talk about the ripple effect of GDPR and what’s happening around the world. Plus, I’m going to talk about the fact that, while we’ve all been burying our heads in the sand about GDPR, the rest of the world has been moving forward with some laws that are even more restrictive than GDPR.”
FitzPatrick then provided one of her key theses. “To get started, I want to say that GDPR is an evolution. It’s not a revolution,” she shared. “The world did not end on May 25th of 2018. We’re all still alive, we’re all still operating, we’re still managing data, we’re still collecting data, and we’re still processing data. Even though some people would have you believe that prior to the enforcement date, the world was coming to an end, like with Y2K.”
“What’s happened is, we have to be realistic about what this means,” explained FitzPatrick. “We have to be proactive about recognizing what data we need in order to manage our business. What data do we need to provide the services that we need to provide? What data do we need to manage the employer relationship, or the customer relationship? If you need data and you have a lawful basis for processing that data, then the GDPR does not say that you can’t have that data. Nor does it say that you can’t move data outside of the jurisdiction of origination.”
According to FitzPatrick, what the GDPR does stipulate is that you have to be extremely transparent about the collection and processing of that data. “You have to build trust with your customers. You have to vet your third parties to make sure that they comply,” she outlined. “Oftentimes, when you talk to individuals in certain countries, and I like to use Germany as an example, you will [only] hear part of the law.”
“What they’ll say is, you can’t move data outside of Germany,” offered FitzPatrick, before preparing to conclude her remarks. “What they don’t say is, unless you go through the compliance process. So I know someone had mentioned earlier that the understanding was you couldn’t move your data outside of the country. You can, provided that you comply with your legal obligations.”