In May of 2018, new European data protection laws are set to come into effect in response to growing concerns over user privacy. Called the General Data Protection Regulation (GDPR), these laws regulate, among other things, how data is stored and processed. They will require datacenters to delete user information upon request and will hold operators to a certain level of physical site security.

Although at first glance these regulations appear to only impact European datacenters, this assumption is not correct. According to Benjamin Wright, attorney and instructor at the SANS institute, the regulations impact any datacenter storing or processing the data of Europeans [1]. He says operators will have to ensure that they are either GDPR compliant or do not handle European data. This will require a more granular control over data storage and processing than is currently the industry standard. Companies must be very careful to ensure European data is handled only by approved datacenters; otherwise they may be subject to fines of up to 20 million Euros or 4% of annual global revenue, whichever is higher [1].

Datacenters will likely begin treating GDPR compliance as a selling point for firms looking to do business in Europe. This was the case with the Amazon Web Services’ (AWS) datacenters to which Dropbox moved its operations in 2016 [2]. This means non-compliant datacenters will lose out on customers wishing to store or process European data. For those companies that do want to comply, compliance will not be a trivial matter. It will require datacenters to, among other things, conduct detailed risk assessments and report any data breaches to affected customers within 72 hours [2].

Another aspect of the GDPR for which datacenters must prepare is the rise of personal data erasure requests. These requests, enshrined into law in the GDPR, allow users to force datacenters to delete any and all of their stored personal data . Datacenters must be ready to process a large volume of requests in a quick and efficient manner; but current technology may not be ready to handle this use case.

In fact, Gartner, an IT research firm, believes that by the end of 2018 50% of datacenters will remain non-compliant with the terms of GDPR [3]. This means they will not be able to process or store European data without risking massive fines. Clearly the 50% of firms that adapt quickly to the new regulations, either by conforming to them or removing European data, will be at an advantage over the other 50%.

Author: Thomas Menzefricke

[1] Maria Korolov | Aug 01, 2017. (2017, August 02). What Europe’s New Data Protection Law Means for Data Center Operators. Retrieved December 27, 2017, from

Smolaks, M. (2016, September 23). Dropbox moves into European data centers to comply with regulation. Retrieved December 27, 2017, from

Forni, A. A., & Van der Meulen, R. (2017, May 3). Gartner Says Organizations Are Unprepared for the 2018 European Data Protection Regulation. Retrieved December 27, 2017, from