Netskope, the leading cloud access security broker, today announced that only one in five companies are confident that they will comply with the upcoming EU General Data Protection Regulation (GDPR).
According to the findings of the research, which surveyed over 500 businesses, only 21% of IT professionals in medium and large businesses felt sure they would be able to comply with upcoming regulations, including the GDPR – which is set to be finalised in spring 2016 and enforced from 2018.
A further 21% of respondents assumed that their cloud providers would handle compliance obligations on their behalf, which is explicitly not the case, according to the wording of the GDPR. A further 18% of those surveyed admitted that the topic of compliance and regulation surrounding cloud apps “strikes fear into their hearts,” highlighting the extent of confusion and concern in light of the coming changes to the regulatory landscape.
Asked specifically about cloud app use, 29% of IT pros said that they were aware employees use ‘some’ or ‘many’ unauthorised cloud apps within the business. A tiny 7% of respondents from medium and large organisations said they had a solution in place to deal with the use of unsanctioned apps within the workplace.
The problem with these unsanctioned apps is that they are much harder to manage than other cloud apps because the data involved is unstructured and often shared with other users.
Eduard Meelhuysen, VP EMEA, Netskope, said: “The GDPR will have far-reaching consequences for both cloud-consuming organisations and cloud vendors. With the ratification of this piece of legislation imminent, the race is on for IT and security teams who now have two years to comply. Although that might sound like a lengthy timeframe to complete preparations, the significant scope of these reforms means that businesses have their work cut out to ensure compliance in time for the EU’s deadline.”
Under the GDPR, organisations must be sure that personal data are processed in ways consistent with the regulation. This means that businesses must take organisational and technical measures, beyond traditional security measures that are aimed at confidentiality, integrity and availability of the data, in order to ensure compliance with the GDPR.
Meelhuysen said: “The key is to start preparations as soon as possible. The technical challenges are made even more significant by the myriad complications presented by the cloud and shadow IT, which make personal data even harder to track and control. As a starting point for GDPR compliance, organisations need to conduct an audit to ensure they understand what cloud apps are in use – both sanctioned and unsanctioned – and what data are in those cloud apps.”