We live in an uncertain world. The rules keep changing, not just for how to run a successful business but even in the more fixed world of regulation and compliance.
The recent row over Safe Harbour – which allowed companies to send data to the US without having to carry out exhaustive legal checks – is the perfect example.
Way back in the summer of the year 2000 US and European regulators agreed the Safe Harbour principles to allow increasingly connected companies to transfer data between EU and US-based computers without red tape.
This has allowed a multitude of new services to flourish and allowed European businesses to find the most cost effective way to store customer data.
Think of Dropbox, Hotmail or Facebook – they could store customer data wherever was most convenient. And thousands of European companies could use their services without fear of breaking their own local data protection laws.
But in October those rules were thrown out by the European Court of Justice.
The next day thousands of businesses woke up without the legal protection their services required to function. It even left the regulators and experts confused.
The ruling has major implications for cloud providers – or any business relying on cloud provision for parts of their infrastructure.
The advice from the Information Commissioner’s Office is ‘Don’t panic’ and ‘Wait and see’.
It is telling companies to firstly take stock of what data transfers are already taking place. Then consider on what legal basis this is happening.
If this includes relying on the legal protection of Safe Harbour then still ‘Don’t panic’ – it may be that a new agreement is reached.
But it might also be worth looking at setting up your own legal agreements. In simple terms you need to get US providers to follow stricter European data protection laws when dealing with your, or your customers’, data.
New rules mean new business
But of course where there is new regulation, or at least uncertainty over regulation, there is also a business opportunity for the agile business.
Some companies have already decided to avoid uncertainty and move their data back to Europe, and some are already offering this as a service to their customers too.
Many companies, including HP Enterprise’s Cloud 28+, are offering cloud services which follow local laws. HPE’s ‘black box’ approach means the services are run by local partners. It is essentially a catalogue of cloud-based business services which match local, or even cross-border, legal requirements.
The flexibility of hybrid architecture means a business can adapt and thrive to changing regulatory environments as quickly as it can adapt to the changing business environment.
In a world where regulation and government oversight seem likely to play an ever-more important role the ability to react fast to such changes will quickly become a real competitive advantage.
Where once business needed to change rapidly in response to the vagaries of the market today’s companies need that same agility, aided by flexible technology, to deal with equally capricious regulators.
Banks are becoming experts at this as their business comes under closer scrutiny from regulators. The central role of technology and data protection mean that IT departments need to learn similar lessons.
