With just two years to go before they have to comply with the European General Data Protection Regulation (GDPR), many UK businesses will have their fingers crossed for a Brexit vote in the forthcoming EU referendum to get them off the hook. Those crossing their fingers, however, are likely to be disappointed as, come 2018, the new data protection rules and fines for non-compliance will apply to any organisation offering goods or services to EU citizens. And that will include companies based in the UK, whether voters opt to stay in or leave.
This is an important distinction, especially in light of research conducted by Ovum which shows companies around the world already being forced to review their business strategies in light of the GDPR legislation (Data privacy laws: Cutting the red tape). A good number may even consider giving up on the EU market altogether rather than bear the cost of compliance, with over half the companies surveyed seeing fines as inevitable if they don’t.
No outsourcing of responsibility
On the plus side, GDPR will replace an existing mashup of national data protection rules variously enforced across the 28 EU member states which, in theory, should make compliance less onerous. However, there are wider implications to take into consideration, especially with regard to the use of the public cloud, as GDPR compliance will be a requirement both for businesses trading with the EU and for cloud service providers processing and storing customer data on their behalf.
Here again, the country in which the service provider operates and the location of any data they hold is of no relevance. If the data a service provider processes or holds pertains to EU citizens, they have the same two years to make any technical changes and implement new procedures needed to meet the requirements.
Service providers could also be liable to fines for any breaches, but liability doesn’t end there. Businesses using non-compliant services could equally face sanctions despite their due diligence and inability to influence how the services they use are configured and managed.
Most service providers will do their best to comply, but there are no guarantees and that’s a real concern as the penalties for non-compliance could be as much as 2% of annual worldwide sales.
A perfect storm
As if the EU referendum and the countdown to GDPR were not enough, businesses trading in and with Europe are also having to deal with the on-going Euro crisis and the pressures of mass migration into the EU area from conflict zones. This mix of pressures is helping to create a perfect storm which couldn’t have come at a worse time for enterprise IT, especially for businesses with on-prem data centres based on traditional 3-tier technologies that are already struggling to keep pace with digital transformation and other ongoing demands.
Upgrading to something bigger and better is always an option, but the economics of upgrading three-tier infrastructures are fast reaching a tipping point where the cost of the increased complexity outstrips the potential performance and capacity gains. As a result, CIOs are looking elsewhere for something better, with many casting envious glances at the business agility, management simplicity and pay-as-you-grow economics of the public cloud.
That said, despite the growing popularity of public cloud services from Amazon, Google, Microsoft and others, many businesses are reluctant to compromise on the security, control and compliance benefits of the on-premise datacenter.
Compromise not a prerequisite
The good news is that on-prem data centres can be configured to deliver the same levels of scalability, agility and availability as the public cloud more economically. Not by simply building a private cloud using old-style 3-tier technologies, but by building what we at Nutanix refer to as an enterprise cloud, using the same kind of hyperconverged infrastructure behind the big name public cloud services.
Offering the same kind of pay-as-you-grow economics as the public cloud, an on-prem enterprise cloud also helps when it comes to GDPR compliance, not least because it puts the customer back in the driving seat, reducing the risk of the business being fined for the shortcomings of a service provider over which it may have little or no control.
Of course, the one thing an enterprise cloud can’t do is forecast the result of the EU referendum but, whatever the outcome, there is no better time to explore what the approach has to offer, in particular how it can provide much needed peace of mind amid the political uncertainty and mounting complexity of data regulation and compliance faced by any enterprise looking to do business with the EU.