General Data Protection Regulation (GDPR) is a set of rules for the EU citizens to protect and have control over their personal data when stored by any organisation. Any company which collects and stores data related to the people of the EU is required to comply with this regulation.

With GDPR enforced, any organisation who collects, stores, and disseminates personal data are responsible for its processing, protection, and any misappropriation of the gathered data. GDPR compliance also requires the organisation also has to respect the rights of the owners of the data. Violating the security and privacy terms by GDPR will result in penalties reaching into the tens of millions of euros.

Any data centre located in European Union(EU) is required to comply with the GDPR act. Article 17, ‘Right to be Forgotten’ in the EU GDPR talks about how the data subject has the right to request to remove data from any system. Many users believe, once a request to delete is made, data is deleted from all repositories, including the database backups stored in a different location. However, this may not always be true unless the data centres are bound by the data protection regulations of the country to protect the sovereignty of your data.

EU-based vendors and cloud providers with data centers within Europe must protect their network, systems, and devices from any unauthorised access to data as part of their compliance to GDPR. Appropriate data encryption methods for both in-transit and at-rest should be in place to avoid further security threats during data communication.