October 4th, 2016


Is your client and employee data secure…enough? How do you know—and how much would you bet that your organization’s existing systems and process are at least currently compliant?

The most recent global SAS Institute study of 15 countries (as reported in Marketing Magazine) still finds 63 per cent of respondents have concerns around sharing personal information.

Where is your data located?

Where is your data located?

Data privacy, security and sovereignty: the difference

Data privacy, your organization’s responsibility to determine whether the digital information you collect and store is shared with third parties; and data security, or how your organization uses the information, are both critical to your bottom line.

Here’s why: any Personally Identifiable Information (PII, details that can be used to identify a specific person) stored digitally in your organization’s database, including customer profiles or employee payroll, is subject to data sovereignty, or the laws of the country in which the data is located.

This means that non-compliance with data sovereignty regulations carries enforceable, potentially hefty financial penalties, wherever you do business globally, and wherever your data is stored:

  • The European Union’s General Data Protection Regulation (GDPR), approved in 2016 and enforceable by 2018, imposes increased data privacy compliance requirements with a financial penalty of up to €20m (approx. US$22m) or 4 per cent of annual worldwide turnover, whichever is greater (ComputerWeekly.com).
  • Canada’s longstanding Personal Information Protection and Electronic Documents Act (PIPEDA), amended by the newly-minted Digital Privacy Act (DPA) voted into law in 2016, now makes breach of data record keeping requirements an indictable offence with a fine of up to CDN$100,000 (approx. US$76,000) (Fasken Martineau DuMoulin LLP).
  • Singapore’s Personal Data Protection Commission (PDPC) recently announced enforcements of the country’s Personal Data Protection Act (PDPA), including financial penalties of up to S$50,000 (approx. US$37,000) for breaching PDPA provisions (Morgan, Lewis & Bockius LLP).

Privacy and security compliance, now

What can you do? In some cases, there are “umbrella” agreements you can sign on with, such as the newly adopted EU-US Privacy Shield and Compliance Agreements with Canada’s Privacy Commissioner.

These agreements can bring more clarity to national or regional regulations, and some shelter from liability—but you still need to take specific steps toward data privacy and security compliance:

  • Find out what client and employee information you store, and why: Do you need to capture it, and what are you using it for?
  • Determine where your data is stored: Are you aware of regional and national data privacy requirements, and are you in compliance?
  • Work with your vendors: Do they have strong data security best practice? What will work with your business requirements and budget?

The GT.net solution

GT.net provides four points  of protection for your data.

GT.net provides four points of protection for your data.

At GT.net, our team of experts has more than 20 years’ experience working with clients internationally on data privacy and secure hosting. We own all our hardware, build our own core software tools, and partner with a select number of hosted technologies to provide cost effective, timely data sovereignty compliance solutions that meet your business and performance requirements.

GT.net provides end-to-end service that includes system and process audits to optimize both performance and privacy; multi-region managed hosting facilities to ensure high data availability and security; enterprise-grade technology and capacity; and of course, an absolute commitment to your organization’s privacy.

Reach out today to find out more.