News, Analysis and Informed Opinions from the Industry Experts.
GDPR and the Impact on Local Data Storage
General Data Protection Regulation (GDPR), which the EU adopted on 14 April 2016, comes into force today (25th May 2018). GDPR is the new regulatory law on data protection and privacy for all individuals within the European Union, replacing the 20+ year-old Data Protection Directive from 1995. It will also impact businesses outside of Europe that control or process personal data from individuals within the EU. How businesses control and process data will undergo significant change, due to the stricter data protection standards and fines associated with the new law.
Many actions are being taken by businesses to comply with GDPR, with several likely to influence usage and demand for data storage, as regulation to what and how information is stored comes into effect.
“Data protection by design and by default” is one of the obligations introduced by GDPR. It states that data protection should be considered from the start and throughout the design process of a system. However, many businesses are running legacy IT systems which are not “data protection by design and by default”, such systems are often grown organically with many patches to address additional needs and issues arising over time. Such systems typically carry lower data security measures and can be a huge challenge for SMEs to redesign from a time, cost and resource perspective. With the introduction of GDPR there is a notable rise in SMEs transitioning to cloud-hosted service providers, which have the benefit of rapidly aligning business systems to accommodate the new regulation. Consequently, the requirement for local storage in both employee laptops and local servers reduces dramatically.
Additionally, personal data breach from loss or theft of an employee’s laptop can result in serious fines, with businesses now recommended to not store any personal data locally on an employee’s device. The convenience and benefit of local data storage however is still clear, carrying significant value for businesses. Encryption therefore will be essential for compliance, allowing protection from unauthorised access but continued usage of local storage capacity. The standard software encryption (e.g. bitlocker) slows down the read and write speed of a drive, this effect is less noticeable for solid state drives (SSD) than hard disc drives (HDD) - especially for IOPS intensive applications. This slower performance of encrypted HDD is expected to see businesses that are still using HDD based PCs to switch to SSD devices and SSD contained devices, resulting in an upturn in demand in the channel as well as from PC OEMs.
Portable drives such as USBs have been hugely popular due to their small profile and relatively large capacity, but these points are also a security risk, with such devices easily misplaced or stolen. There have been several high-profile cases where personal information was breached due to employees losing USBs. Two compliance recommendations are to restrict use of portable drives like USBs and/or add encryption to the device. More extreme action has already been taken by IBM, where employees have been prohibited from using USB sticks in the interest of data protection. Although it is unclear if other companies will follow IBM’s lead, the use of portable drives, especially USBs in the business environment, will certainly decrease under GDPR.
Self-encrypting drives using hardware-based encryption, on which every file is automatically encrypted, will see a lift in popularity because of GDPR. These devices also tend to have better performance than software-based encryption devices and are generally easier to operate, with encryption being transparent to the user. In addition, they require minimal set-up and deploy time which makes it ideal for both B2B and B2C use.
Overall, demand for local B2B storage products will inevitably reduce as storage continues to move to cloud based storage solutions, ultimately data-centres. There will however be the continued requirement for storage products given the obvious benefits related to them, notably benefitting the SSD and self-encrypted market segments.
Looking at the wider landscape for storage, the expected reduction in local storage product demand will inevitably translate into higher demand for data centres. As the industry mantra goes…the only certainties in life are Death, Taxes and Data Storage Growth.
Here at Futuresource Consulting we deliver specialist research and consulting services, providing market forecasts and intelligence reports. Since the 1980s we have supported a range of industry sectors, which has grown to include: CE, Broadcast, Entertainment Content, EdTech and many more.