New European Data Regulations May Trip Up Cloud Firms

Aug 11, 2014

New esearch claims that cloud service providers may be poorly prepared for incoming EU data privacy regulations.

According to the findings of Skyhigh Networks, which took a fine-tooth comb to its CloudRegistry of some 7,000 cloud services, only one per cent of vendors meet the stipulations of the imminent EU General Data Protection Regulation, which is expected to come into play in 2015, replacing the 1995 Data Protection Directive.

The new legislation lays down regulations on data residency, encryption and security and deletion policies, along with the controversial 'right to be forgotten' ruling applied to Google and other search engines.

In terms of data residency, only eleven counties currently comply with EU privacy requirements, and the US isn't one of them – which could be a problem, as the States is where two-thirds of all cloud providers have their HQ.

Data breach notification is another thorny area, with the new laws requiring companies to notify EU authorities inside 24 hours of a data breach – even if the breach happens due to a third-party cloud provider. However, if the organisation doesn't spot the breach – as is often the case, with many cloud providers putting the onus on the company to do so – then reporting it so quickly will obviously be tricky to say the least.

Skyhigh notes that some existing laws such as the UK General Data Protection Regulation can allow a company to get round such a tight time limit on notification if their data is encrypted, but only 1.2 per cent of cloud providers offer the tenant-managed encryption keys required to do this.

Charlie Howe, Skyhigh Networks EMEA director, commented: "It's staggering how few cloud providers are prepared for the new EU regulations but, fortunately, there's still time for providers to get into shape. This means addressing a number of complex issues now, such as the right to be forgotten, as well as implementing data protection policies that meet these new standards."

He added: "For cloud providers this will inevitably require additional resources and expenditures, but it's a snip given the proposed penalties for violating the new laws, which can be up to five percent of a company's annual revenue or up to €100 million [£80 million]."

Author: Darren Allan
View the original article here.
Published under license from ITProPortal.com
Cloud computing / data breach / encryption / eu / general data protection regulation / Google / ITProPortal / Partners

Comment

 

Understanding the risks and rewards of public sector cloud 

Download the Whitepaper now

Partner

24Newswire
Sign up to receive latest news

Twitter Feed

Why does pubsec ICT PR firm @MantisPR want to be at the upcoming #eventcentreUK THINK Digital Vendors 2016 event? https://t.co/3tE5o7aMmO
@24nbiz
Apr 01, 2016
@thinkdigicon supporter @Adv365 sets out its stall for tomorrow's landmark #gcloud event https://t.co/FQraJP2yyg
@24nbiz
Mar 21, 2016
@thinkdigicon supporter @Adv365 explains why it's supporting tomorrow's show https://t.co/2Wj3UECo9s
@24nbiz
Mar 21, 2016
@24n.biz: what's the final agenda for tomorrow's @thinkdigicon #gcloud @GOVUKdigimkt show? https://t.co/6CASi8lrnU
@24nbiz
Mar 21, 2016