If your year has been anything like mine, then 2017 has been a busy one, and depending on the sector you work in you may getting into the busiest time of year for your business. Things do not stand still for long in the data center world and 2018 promises to be very busy, especially as companies continue to explore new technologies such as IoT platforms and devices, mobility, and upgrading their infrastructure to meet the needs of these very demanding applications.
Aside from the fun part of our jobs – looking at how we can make technology drive our businesses forward with new products and services, enabling employees to be more productive, or cutting costs – there are also some important regulatory directives that we all need to be taking care of in the year ahead…
GDPR is the EU General Data Protection Regulation, and it comes into force on May 25th 2018, and will impact your business and the physical security aspects of your data center. It completely updates the way that EU member states and any company that transacts with the EU or holds data on its citizens (and those of the European Economic Area) must store secure and manage personal data. The fines for misuse and misappropriation of data are huge: up to four percent of global revenues or €20 million, whichever is the higher.
Focusing on physical security, GDPR is relevant. If your data center physical security is breached and equipment stolen, it is very possible that personal data has left your possession. This is a data breach, it’s not simply about lost laptops and online hackers – the incident would need to be reported under GDPR within 72 hours. Physical security and access control both have a huge role to play under this regulation, so make sure you have reviewed this as part of your GDPR preparations.
January 1st 2018 is stage 1 deadline for implementing the EU Ecodesign directive (EU Directive 2009/125/EC). This was first introduced in 2009 and defined a framework of mandatory requirements for products that use energy, or are related to the use of energy. This means that from this date it will be illegal across the EU to ship products that do not meet the new standards laid out following the directive. When you order products from manufacturers it is their responsibility to ensure they are compliant, even if you order products before that deadline, they must comply if they are being shipped from January 1st.
Whilst most designers and manufacturers will be scrambling to ensure they are ready ahead of time, some may still have old stock that they want to get rid of before the end of the year. Make sure you look at how the specifications of the equipment you intend to use are changing, and don’t get caught out with discounted, possibly inefficient equipment.
This is the industry standard framework for establishing, implementing, maintaining and improving a company’s energy management system and allows continual improvement on energy performance, including energy efficiency, energy security, energy consumption. Whilst it is not new, and the current version has been in place since 2011, a new version is in the process of being developed and will be released in June 2018 (it was originally not due until 2019). This means that if certification was on your agenda for next year, that you should consider that the requirements will be different from June. ISO 50001 can be extremely valuable in helping a company reduce costs and meet its own carbon and energy efficiency targets, something that constantly grows in importance environmentally, politically and socially. Make sure consider the changing criteria, so that your efforts in preparing for assessment are not wasted.
Keeping the regulatory ship in good order
It is easy to feel negatively about the regulatory compliance we all must adhere to but it is there for good reason, and in all of the cases above it can make your business more secure and efficient. Whether you’re coming into a busy or quiet time of year, you need to plan for these changes in 2018, so that your ship is kept in good order!
Chris Wellfair is a projects director at Secure I.T. Environments