Cloud apps failing EU GDPR privacy regulation compliance so far
techtarget | July 13, 2016
Cloud apps and cloud customers face challenges in complying with the EU GDPR as the new data protection regulation is set to take effect in less than two years. to take effect in less than two years, privacy issues in the cloud will pose serious challenges. According to a report on readiness in the cloud, as many as 75% of all cloud apps used in enterprises is out of compliance with the new rules. The EU's General Data Protection Regulation (GDPR) will require all companies, no matter where they are located, to protect the privacy of any data they collect, store or process that relates to a resident of the EU and the global nature of the cloud means that under the new rules, many companies may be exposed to potential compliance challenges without even realizing it, if they are using the cloud to store or process the personal data of EU residents. "The shift to the cloud presents an increasing complexity and volume of security challenges for enterprises, including regulations like the EU GDPR," said Sanjay Beri, CEO and founder of Netskope, based in Los Altos, Calif. "With the deadline for compliance looming, complete visibility into and real-time control over app usage and activity in a centralized, consistent way that works across all apps is paramount for organizations to understand how they use and protect their customers' personal data." "This is the first time that data processors [cloud providers] actually have a direct compliance risk and obligation under the regulation," Deema Freij, global data privacy officer for enterprise software maker Intralinks Inc., based in New York, told SearchSecurity. Previously, privacy compliance in the EU was the burden strictly of the "data controller": the organization that collects and uses the data subject to the GDPR. "Now, it's actually both data processors and data controllers. They would be liable and they have their own obligations under the GDPR."