IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

How GDPR is going to redefine the cloud

Box's EMEA head talks us through the impact of the new rules

Unless you've been living under a rock for the past year, you're probably aware that the EU's new data protection regulations - also known as GDPR - are shortly going to come into force. GDPR holds organisations to strict standards regarding customer data, with harsh penalties for negligence and abuse.

It's a major issue for European businesses, and it seems like absolutely everyone is talking about it. In fact, along with the Brexit negotiations, GDPR is one of the biggest causes of uncertainty for businesses.

As the senior vice president and EMEA general manger for a cloud storage and content management company, GDPR is understandably high on the list of priorities for Box's David Benjamin. "I personally feel that this is going to be a pretty defining moment in the industry," he told IT Pro. "It's going to be one of those 'inflection points', to use a Silicon Valley term."

One of the most significant parts of the legislation is the penalties for non-compliance. According to the law, if companies aren't abiding by the principles of the GDPR, they will be liable for up to 20 million or 4% of their global annual turnover - whichever is higher.

Despite these eye-wateringly steep fines, Benjamin says that companies are still failing to take GDPR seriously. "Customers I speak to are very aware of the impending May 2018 deadline," he said. "I don't sense, however, there is yet the movement within organisations to - and I hate using the expression - but to become GDPR-compliant. There's still an element of 'wait and see'."

Europe at night

This is reflected by a veritable avalanche of studies showing that companies are still unprepared for the regulations, including a new survey conducted by IT services firm Bluesource which showed that 80% of organisations will face "major challenges" for compliance when they come into effect.

US firms in particular may be caught by surprise, Benjamin said. He pointed to the Equifax breach, which has just been revealed to have affected nearly 700,000 UK citizens. "If that had happened post-May 2018, they would have been subject to a $60 million-plus fine," he said.

"It certainly hasn't filtered through to organisations that sit in the US, and don't necessarily realise that GDPR extends to all European citizens, whether they are captured in a US platform or a US-headquartered organisation or not."

The biggest problem that organisations are having with GDPR compliance, according to Benjamin, is that the regulations are vaguely-worded in a lot of places. While some elements of the rules - such as the need to appoint a data protection officer and notify users of a breach within a given time frame - are clearly laid out, many aspects have a lot of room for interpretation.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Most Popular

16 ways to speed up your laptop

16 ways to speed up your laptop

13 May 2022
Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

Linux-based Cheerscrypt ransomware found targeting VMware ESXi servers

26 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022