Whitepaper: Data Protection, Data Security and Compliance (2017)
In the field of international jurisprudence, there are many different ways of looking at an issue and a variety of different legal systems. This is exemplified by the difference between case-based Anglo-American common law and the European civil law approach, based on codified statute law. Similarly, the US approach to storing data stands in marked contrast to the European approach. The former involves dispersing data to multiple data centers distributed around the country (or indeed globally) with the aim of maximising resistance to attack and obfuscating data location. The latter insists on continuous access to and control over technical and organisational security measures, including where data is located. There is one thing, however, on which all are agreed – in this day and age, legally watertight storage and provisioning of business-critical information is no longer a legal nicety, and compliance with relevant standards requires proper backup and archiving processes.
Since 2013, a series of revelations on mass surveillance carried out by a range of organisations, but particularly the NSA, have highlighted the importance of protecting both business and personal data. Data protection has become a core issue for business. Few people really understand the details of the business and personal liability risks that these issues give rise to. Non-compliance in this area can have fatal consequences for businesses. Legal consequences have ranged from potentially invalidating shareholders’ formal approval of the board’s activities (as required under German company law), to sackings and removal of the CEO’s authority. Companies can also find themselves inadequately insured or even uninsured against such ‘cyber-risks’. This white paper offers an overview of liability-related risks and looks at how an appropriate system of IT security management can limit these risks. The focus of the paper is on Iceland’s status as a data haven for cloud services and data backups and archiving, viewed from the perspective of German data protection law.