Doing Business In Europe? This EU Regulation Update Should Be On Your Radar

If you haven’t been following enterprise technology news in Europe, let us fill you in on a major announcement that will likely affect you if your organization is based in Europe, has operations in Europe, or handles data pertaining to EU residents.

But first, some background.

Late last month, the European Union (EU) announced the funding of a project to boost the European cloud computing market. This project, cleverly called Cloudcatalyst, has been set up for two main reasons – namely to provide tools to boost cloud growth in Europe and overcome barriers to cloud adoption. And the second, to instill confidence in European businesses, public entities, IT providers and other cloud stakeholders eager to both develop, and use cloud services.

According to the European Commission, a large number of “cloud skeptics” have concerns over data security, privacy and legal worries that have hampered cloud adoption across European businesses thus far. And we believe it. We recently conducted a survey of 200+ IT decision makers in Europe to identify the ongoing concerns which IT managers have and challenges they face, with one major finding that 70 percent of respondents cite data security as the most significant concern when it comes to the cloud.

And while 80 percent of that same group say they plan to increase the number of cloud applications across their organisation this year, it’s not without doing their due diligence and overcoming concerns (and frequent headlines) of data breaches that damage brand reputations and customer relationships. (Target’s data breach – and the $110 million fallout – along with Community Health Systems Inc. and United Parcel Service Inc. (UPS) just a few days ago are just a handful of examples.) Then there’s the issue of data surveillance, so it’s no surprise organisations are concerned about where their data is being stored – and tend to ask series of questions before they invest in cloud vendors.

So What’s The (Good) News?

Good question. The good news is that a new E.U. regulation – the EU General Data Protection Regulation (GDPR) – is expected to be passed this year and take effect beginning in 2015. It will have an impact on how data is stored and protected in the E.U., and also bolster the 8.9 percent of US-based cloud providers (yes, Okta is part of the small percentage) that have the U.S. – E.U. Safe Harbour certification to ensure any personal data is collected, used and stored safely from European Union member countries.

The regulation requires businesses not to store or transfer data through countries without strong data protection standards. It also means that any liability for data breaches will be shared between data controllers (organizations that own the data) and data processors (i.e. cloud providers that store the data). And the consequence for violating this law? Up to five percent of a company’s annual revenue or €100 million – whichever is the larger amount.

Our partner Skyhigh Networks published a blog post that goes into more detail on the proposed regulation. The main takeaway? While new regulation and certification can help put data security concerns at ease, at the end of the day, it’s up to organisations to decide what data they put in the cloud.

For those that still have concerns about the cloud, our advice is always the same. It’s imperative to first decide what you want to put in the cloud depending on your organisation’s goals. Once you’ve established those priorities, make sure you choose a secure cloud service – one that can prove they are secure. (Check out a short explanation of our comprehensive security practices here.) And lastly, make sure you’re adding the necessary security controls – namely, using multifactor authentication and not relying solely on passwords to access the cloud.

We’ll continue to monitor this regulation closely and keep you informed of all updates. Stay tuned and check the Okta Blog to hear more.