Business Cloud News
CSOs are likely to benefit from the EU data protection policy overhaul

The EU will soon impose data protection legislation reforms in a bid to ensure more robust privacy guarantees and unify the data protection law across European member states. Peter Groucutt, managing director at cloud-based backup service provider Databarracks, said the move will likely mean enterprises will be more willing to double down on IT security. But are cloud vendors in a position to capitalise on a potential boom in IT security spending?

The comprehensive reform of the EU’s 1995 data protection rules, which is to come into effect following the conclusion of negotiations on its implementation between the European Parliament and the Council of Ministers, will unify the legal landscape for data protection in Europe and promises to impose steep penalties for violating the new rules.

The penalties include fines of up to €100m or 5 per cent of global turnover for a company found to be violating the new rules.

Under the proposed law, liability for data breaches and violations of the law will be shared between data controllers (organisations that own the data) and data processors (such as cloud providers that store the data).

“Often, the fines imposed on organisations that suffer data breaches are nothing more than a slap on the wrist. They do little to encourage organisations to address the real problems with their security practices,” Groucutt said.

“Partly it’s because, until now, they haven’t had to. The penalties for data loss have been so minimal that it hasn’t been a worthwhile investment to update existing policies.”

Groucutt explained that the impending changes and the consequences have not only made IT security a ‘boardroom issue’, but will likely allow CSOs to secure additional funding to bolster IT security initiatives.

“CSOs have always had to balance risks with the cost of protection. This gives them the power to really enact changes in their organisations. We only need to look at the most recent fines from the ICO to see what happens without investment in up-to-date IT practices,” he said.

“It can be very easy to think of data protection as a niche issue for the compliance department or your legal and IT teams. The sheer size of the proposed fines makes this an operational issue and a priority for the board of directors,” he added.

But while CSOs may indeed find extra funding to play with, cloud service providers may struggle to capture a share of the revenue. A recently published study featuring a survey of more than 7,000 cloud services commissioned by IT security provider Skyhigh Networks suggests suppliers are struggling to meet data residency, data breach, notification, encryption, detection and data deletion requirements under the reformed law.

The vendor said just 1 per cent of cloud service providers are ready in compliance terms for the impending EU data protection act.