Upholding Data Privacy Protections On Data Privacy Day and Every Day

By Patrick Lastennet, Director of Enterprise, Interxion


14 February 2020

In recent years, we’ve seen high-profile data privacy scandals wreak havoc on businesses around the world. In the wake of these breaches, individuals and businesses have developed an expectation that the enterprises they are consuming services from, or doing business with, are protecting their data and privacy now more than ever, no matter where in the world they are located. For this reason, the National Cyber Security Alliance have organised Data Privacy Day on January 28th, as an international effort “to empower individuals and encourage businesses to respect privacy, safeguard data and enable trust.”

But it’s not just on Data Privacy Day that businesses should be prioritising their security strategies. These consumer expectations in today’s sophisticated threat landscape are shifting how businesses must now operate every day of the year, especially considering they also need to adhere to an ever-widening set of data privacy regulations, including the European Union’s General Data Protection Regulation (GDPR) that went into effect in 2018 and the California Consumer Privacy Act (CCPA) taking effect this month.

This challenge hits the financial industry particularly hard, considering businesses in this space – including our customer SumUp, Europe’s leading Mobile Point of Sale (mPOS) provider – are often dealing with appealing consumer information, such as names, dates of birth, social security numbers, addresses and more.

Meeting compliance regulations is complex and challenging, but it cannot be ignored. As such, businesses like SumUp must plan their infrastructure, and their data handling and storage processes, accordingly.

Most enterprises managing customer data are likely leveraging at least one cloud platform, if not several – which becomes increasingly complicated when different service providers have their own processes for maintaining compliance. Enterprises can’t count on their providers’ compliance alone – they must also ensure their own forms of protection.

For SumUp, this meant designing a hybrid architecture which passes transactions between an HSM for key encryption management and AWS so it could reap the benefits of the cloud while also upholding the highest standard of data privacy. SumUp decided to place their hardware in Interxion’s colocation data centre, which housed an HSM, and also afforded it direct access to numerous internet exchanges and cloud platforms, including AWS. Ultimately, this solution enabled SumUp to reduce the distance between the initial transaction, speed up the payment process, and guarantee compliance.

Enterprises can obtain these same benefits by adopting a similar hybrid architecture with Interxion. However, if they’d rather not manage their own HSMs, whether that be due to not having an opex model, not having the skills in house to maintain this solution, or otherwise – Interxion also offers Key Guardian, a managed service that provides protection of encryption keys and other cryptographic material from within its colocated data centre.

By leveraging Interxion facilities to adhere to strict data privacy regulations, businesses can win over the ever-scrutinising eyes of consumers that are holding businesses to higher standards.
