Upcoming EU data regulations cause headache for firms in the cloud
4 February 2016
Just one in five companies are confident they will comply with the upcoming EU General Data Protection Regulation (GDPR), according to new research.
A survey by Netskope and YouGov revealed that only 21 per cent of IT professionals in medium and large businesses felt they would comply with upcoming legislation.
The GDPR is expected to be finalised in spring this year and enforced from 2018.
“The GDPR will have far-reaching consequences for both cloud-consuming organisations and cloud vendors,” said Eduard Meelhuysen, vice president for the EMEA region at Netskope.
“With the ratification of this piece of legislation imminent, the race is on for IT and security teams who now have two years to comply.
“Although that might sound like a lengthy timeframe to complete preparations, the significant scope of these reforms means that businesses have their work cut out to ensure compliance in time for the EU’s deadline.”
Another 21 per cent said they thought their cloud providers would handle compliance on their behalf, when in fact the wording of the regulations says this cannot be the case.
Meanwhile, 18 per cent of those surveyed admitted the topic of compliance and regulation surrounding cloud apps “strikes fear into their hearts”.
29 per cent of IT professionals are aware that employees use “some” or “many” unauthorised cloud apps within their businesses, but only seven per cent of those from medium and large organisations said they have a solution in place to deal with unsanctioned apps.
This is a concern because cloud apps often create unstructured data that is out of the organisation’s control, posing a risk to GDPR compliance.
“The key is to start preparations as soon as possible,” advised Meelhuysen.
“The technical challenges are made even more significant by the myriad complications presented by the cloud and shadow IT, which make personal data even harder to track and control.
“As a starting point for GDPR compliance, organisations need to conduct an audit to ensure they understand what cloud apps are in use – both sanctioned and unsanctioned – and what data are in those cloud apps.”