When the European Union’s General Data Protection Regulation (GDPR) went live a year ago, companies across the globe were bracing for the sky to fall. And while there were certainly some headline-grabbing fines for noncompliance (most notably, Google’s almost 50 million Euro hit this past January related to “forced consent”), the mandate’s first year was far less “doom and gloom” than many had expected.
In fact, despite many companies having to scramble to meet compliance standards (specifically non-EU-based organizations that weren’t wise to how far-reaching the impact of GDPR really was), it appears many organizations took the looming deadline as an opportunity to clean up their act when it comes to data collection.
In many cases, this involved enterprise IT teams reevaluating how and where they collect data from the top down. That includes reconsidering not just the location of corporate data centers, but how much the enterprise network will rely on traditional hub-and-spoke network architectures in general. While this helped inch teams that may have been dragging their feet closer to cloud migration and digital transformation initiatives, the nuances and complexities of the regulation called for teams to conduct a multi-pronged analysis of their workflows to truly comply.
At AppNeta, we frequently talk about the importance of employing comprehensive network performance monitoring before, during and after any overhaul of the network — whether that’s a cloud migration or simply a reallocation of data stores. But part of how we deliver actionable insights that IT teams need involves collecting a diverse array of information, including data that identifies end users.
GDPR provides a few options to protect the information of EU users, including pseudonymization and encryption. To ensure that we aren’t inadvertently putting our customers at risk, we’ve taken the incremental steps of ensuring that all personally identifiable information (PII) we might be privy to is encrypted at all states of its lifecycle. And this applies to all users, not just AppNeta customers in the EU.
To that end, all AppNeta customers must have an active subscription or trial contract to collect this monitoring data, period.
By fulfilling our due diligence in ensuring our solution won’t leave our customers vulnerable, we can effectively partner with network teams and data controllers to help ensure the new workflows they are implementing are set up for success. This includes not just monitoring the performance of the apps and connections that keep the enterprise up and running, but also ensuring that potentially bad behavior — from shadow IT to policy violations — doesn’t happen outside of IT’s scope.
To learn more about how AppNeta complies with GDPR, reference our FAQ here.