GDPR and the Impact on Local Data Storage

General Data Protection Regulation (GDPR), which the EU adopted on 14 April 2016, comes into force today (25th May 2018). GDPR is the new regulatory law on data protection and privacy for all individuals within the European Union, replacing the 20+ year-old Data Protection Directive from 1995. It will also impact businesses outside of Europe that control or process personal data from individuals within the EU. How businesses control and process data will undergo significant change, due to the stricter data protection standards and fines associated with the new law.

Many actions are being taken by businesses to comply with GDPR, with several likely to influence usage and demand for data storage, as regulation to what and how information is stored comes into effect. 

“Data protection by design and by default” is one of the obligations introduced by GDPR. It states that data protection should be considered from the start and throughout the design process of a system. However, many businesses are running legacy IT systems which are not “data protection by design and by default”, such systems are often grown organically with many patches to address additional needs and issues arising over time. Such systems typically carry lower data security measures and can be a huge challenge for SMEs to redesign from a time, cost and resource perspective. With the introduction of GDPR there is a notable rise in SMEs transitioning to cloud-hosted service providers, which have the benefit of rapidly aligning business systems to accommodate the new regulation. Consequently, the requirement for local storage in both employee laptops and local servers reduces dramatically. 

Additionally, personal data breach from loss or theft of an employee’s laptop can result in serious fines, with businesses now recommended to not store any personal data locally on an employee’s device. The convenience and benefit of local data storage however is still clear, carrying significant value for businesses. Encryption therefore will be essential for compliance, allowing protection from unauthorised access but continued usage of local storage capacity. The standard software encryption (e.g. bitlocker) slows down the read and write speed of a drive, this effect is less noticeable for solid state drives (SSD) than hard disc drives (HDD) - especially for IOPS intensive applications. This slower performance of encrypted HDD is expected to see businesses that are still using HDD based PCs to switch to SSD devices and SSD contained devices, resulting in an upturn in demand in the channel as well as from PC OEMs.

Portable drives such as USBs have been hugely popular due to their small profile and relatively large capacity, but these points are also a security risk, with such devices easily misplaced or stolen. There have been several high-profile cases where personal information was breached due to employees losing USBs. Two compliance recommendations are to restrict use of portable drives like USBs and/or add encryption to the device. More extreme action has already been taken by IBM, where employees have been prohibited from using USB sticks in the interest of data protection. Although it is unclear if other companies will follow IBM’s lead, the use of portable drives, especially USBs in the business environment, will certainly decrease under GDPR.

Self-encrypting drives using hardware-based encryption, on which every file is automatically encrypted, will see a lift in popularity because of GDPR. These devices also tend to have better performance than software-based encryption devices and are generally easier to operate, with encryption being transparent to the user. In addition, they require minimal set-up and deploy time which makes it ideal for both B2B and B2C use.

Overall, demand for local B2B storage products will inevitably reduce as storage continues to move to cloud based storage solutions, ultimately data-centres. There will however be the continued requirement for storage products given the obvious benefits related to them, notably benefitting the SSD and self-encrypted market segments.

Looking at the wider landscape for storage, the expected reduction in local storage product demand will inevitably translate into higher demand for data centres. As the industry mantra goes…the only certainties in life are Death, Taxes and Data Storage Growth.

About the author

Erik Huang

Erik is the lead analyst for Futuresource’s flash media tracking of USB and Memory cards. He is also a key analyst contributing to Futuresource’s other storage media tracking which includes SSD and HDD as well as on various consumer electronics areas: gaming content and hardware, dashcams, drones, action cameras and headphones.

Erik’s experience in storage product segments and a wide range of consumer electronic products creates a unique perspective of storage products and host devices. Erik joined Futuresource Consulting in 2017 after completion of a master’s degree in Human-Computer Interaction at University College London (UCL) and a bachelor’s degree in Psychology at Brunel University.