View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Leadership
  2. Digital Transformation
December 22, 2015updated 28 Mar 2017 4:28pm

Regulation: restriction or opportunity?

By John Oates

We live in an uncertain world. The rules keep changing, not just for how to run a successful business but even in the more fixed world of regulation and compliance.

The recent row over Safe Harbour – which allowed companies to send data to the US without having to carry out exhaustive legal checks – is the perfect example.

Way back in the summer of the year 2000 US and European regulators agreed the Safe Harbour principles to allow increasingly connected companies to transfer data between EU and US-based computers without red tape.

This has allowed a multitude of new services to flourish and allowed European businesses to find the most cost effective way to store customer data.

Think of Dropbox, Hotmail or Facebook – they could store customer data wherever was most convenient. And thousands of European companies could use their services without fear of breaking their own local data protection laws.

But in October those rules were thrown out by the European Court of Justice.

The next day thousands of businesses woke up without the legal protection their services required to function. It even left the regulators and experts confused.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

The ruling has major implications for cloud providers – or any business relying on cloud provision for parts of their infrastructure.

The advice from the Information Commissioner’s Office is ‘Don’t panic’ and ‘Wait and see’.

It is telling companies to firstly take stock of what data transfers are already taking place. Then consider on what legal basis this is happening.

If this includes relying on the legal protection of Safe Harbour then still ‘Don’t panic’ – it may be that a new agreement is reached.

But it might also be worth looking at setting up your own legal agreements. In simple terms you need to get US providers to follow stricter European data protection laws when dealing with your, or your customers’, data.

New rules mean new business

But of course where there is new regulation, or at least uncertainty over regulation, there is also a business opportunity for the agile business.

Some companies have already decided to avoid uncertainty and move their data back to Europe, and some are already offering this as a service to their customers too.

Many companies, including HP Enterprise’s Cloud 28+, are offering cloud services which follow local laws. HPE’s ‘black box’ approach means the services are run by local partners. It is essentially a catalogue of cloud-based business services which match local, or even cross-border, legal requirements.

The flexibility of hybrid architecture means a business can adapt and thrive to changing regulatory environments as quickly as it can adapt to the changing business environment.

In a world where regulation and government oversight seem likely to play an ever-more important role the ability to react fast to such changes will quickly become a real competitive advantage.

Where once business needed to change rapidly in response to the vagaries of the market today’s companies need that same agility, aided by flexible technology, to deal with equally capricious regulators.

Banks are becoming experts at this as their business comes under closer scrutiny from regulators. The central role of technology and data protection mean that IT departments need to learn similar lessons.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.