Only 21% of IT professionals in UK medium and large businesses are sure about their compliance with the EU General Data Protection Regulation (GDPR), while 18% admitted that the matter "strikes fear into their hearts", Netskope-YouGov research has revealed.
A further 21% wrongly believe that their cloud providers will take care of their compliance requirements, which is not the case, as explicitly mentioned in the GDPR.
The survey commissioned by cloud access security broker Netskope attempts to highlight the extent of confusion and concern among businesses in light of the new regulatory requirements.
The European Commission is currently finalising the GDPR, which will come into force in 2018. The regulation formulates uniform rules across the EU for how businesses deal with personal data.
In addition to giving individuals better control over their data, the move is expected to enable businesses across the continent to benefit from a Digital Single Market, where unified rules would cut red tape.
According to Netskope, organisations are going to face a compliance challenge due to cloud apps used by employees, as the data created is often unstructured.
Netskope EMEA vice-president Eduard Meelhuysen said: "The GDPR will have far-reaching consequences for both cloud-consuming organisations and cloud vendors.
"With the ratification of this piece of legislation imminent, the race is on for IT and security teams who now have two years to comply.
"Although that might sound like a lengthy timeframe to complete preparations, the significant scope of these reforms means that businesses have their work cut out to ensure compliance in time for the EU’s deadline."
Although the GDPR deals with unstructured data, it is difficult for organisations to know how that data is created and stored.
29% of those surveyed said that they were aware of employees using ‘some’ or ‘many’ unauthorised cloud apps, while just 7% said their organisations have a procedure to deal with the use of unsanctioned apps within the workplace.
Employees create data using cloud apps such as productivity or collaboration applications, and store it on mobile devices. Shared through unsanctioned applications and cloud storage, this data falls outside the control of the organisation.
Netskope’s cloud report 2015 found that the average number of cloud apps in use per EMEA enterprise was 608, a 26% increase from the previous report.
"The technical challenges are made even more significant by the myriad complications presented by the cloud and shadow IT, which make personal data even harder to track and control.
"As a starting point for GDPR compliance, organisations need to conduct an audit to ensure they understand what cloud apps are in use – both sanctioned and unsanctioned – and what data are in those cloud apps," Meelhuysen added.
Earlier this week, the EU and the US signed a transatlantic data sharing agreement, which imposes stronger obligations on US companies to protect the personal data of Europeans.
The US has also assured the EU that it will avoid indiscriminate mass surveillance of the personal data of Europeans, and that use of the data will be subject to clear limitations, safeguards and oversight mechanisms.
European Commission vice-president Andrus Ansip said: "Our people can be sure that their personal data is fully protected.
"Our businesses, especially the smallest ones, have the legal certainty they need to develop their activities across the Atlantic.
"The decision helps us build a Digital Single Market in the EU."