February 13-15, 2019
Elephant Hills Hotel, Victoria Falls, Zimbabwe


03 Dec 2018

Why APAC data center providers should care about GDPR

Data Centre Afrika

The European Union’s (EU) General Data Protection Regulation (GDPR) was crafted in response to growing public discomfort over the volume of data collected on individuals without them knowing about it. First introduced in 2016, GDPR became effective on 25 May this year, superseding earlier privacy regulations.

Under GDPR, the exact uses of personal data must be specified prior to collection, and the user must give explicit consent, which can be withdrawn at any time. Individuals also have the right to review what an organization knows about them and can request that their data be erased, also known as the right to be forgotten.

Speaking at DCD>Converged in Hong Kong earlier this month, David Rainsford, the managing partner of Albenque Advisors, briefed the attendees on GDPR and its implications for data center providers in the region.

David Rainsford, Albenque Advisors – DCD

Why it matters

Why would GDPR matter to data center operators and businesses in Hong Kong, or the Asia Pacific region? Rainsford posed this question instead: “How can you be sure that you don’t have any European citizen data in your database?”

“They don’t really care where your data center is, where your website is hosted, or where your business is registered. If you have data about individuals who are living in the EU or the EEA [European Economic Area], they believe that you are subject to their law,” he explained.

And with fines that can go as high as €20 million ($22.56m), or four percent of the organization’s global turnover, this is no idle question. Using October’s massive data breach at Hong Kong-based Cathay Pacific airline as an example, Rainsford talked about a hypothetical fine of HK$3.88 billion ($495m), extrapolated from the airline’s revenue in 2017, to underscore the potential impact of penalties.

“[GDPR] was designed to protect the right of individuals, not to make life easier for privacy officers. It was not designed to make life easier for data center or marketing managers. And when we talk about the fines, it’s basically to create so much pain that you will rather deal with this, rather than face the risk of having to go to the board to explain why you are going to get fined, or why you have a pending lawsuit,” Rainsford said.

Broad implications

Rainsford was quick to concede that there is simply no way to know how a GDPR lawsuit will play out in the courts. With no legal precedent, it is essentially uncharted territory.

Advising against adopting a 'wait and see' approach, he highlighted some examples to illustrate the many ways GDPR could rear its head in Asia. He cited the entirely plausible example of a holidaying UK resident who downloads an app to get free Wi-Fi in Hong Kong: “If I start taking their data, then from the EU point of view, I have broken the law.”

There are also scenarios that are less clear-cut: “Someone who came [to Hong Kong] on a project to build a data center. They may domicile in Europe for taxation purposes and may be an EU passport holder. They may say, ‘I’m a European, I expect to be treated as a European under the law.’”

In addition, businesses must have their incident response plan ready for the inevitable security incident. In line with GDPR, data breaches must be reported to the local authorities within 72 hours of being discovered, which means that any response plan must already be documented and signed off by the board before a cyberattack happens.

Take action today

Rainsford's recommendation for local businesses is to go through a classification exercise to review the data they have on individuals and ascertain their level of risk where GDPR is concerned. Alternatively, businesses can approach this exercise by working out ways to ensure that they don’t have any data collected from EU individuals.

He urged businesses to act early: “Start taking steps to comply now. Look at your existing policies and procedures, look at agreements that you have with partners.

“You may be subject to GDPR even if you are processing information in Hong Kong. The penalties for this are very severe. They are intended to be severe. [The framework] is built on the philosophy that individuals own their data. There is still a lot of uncertainty because this is a new law, new regulations. Despite the uncertainties, I would encourage you to take action now.”

Source: https://www.datacenterdynamics.com/analysis/why-apac-data-center-providers-should-care-about-gdpr/
