When it comes to data, privacy and security should be of paramount importance for all businesses, no matter the size, industry or location. However, when it comes to understanding data legislation, new research has shown a clear gap in knowledge – ultimately putting business and customer data at risk.

Highlighting the divide

Recently, IONOS commissioned a survey polling 1,500 IT decision makers across the UK, France and Germany, to delve deeper into the topic of legislation understanding. 

When asked about data storage, IT decision makers clearly demonstrated their focus on high data standards, ranking privacy and security as some of the most important priorities for the businesses they worked for. Despite this, there seems to be a clear knowledge gap in the industry when it comes to understanding and adhering to some forms of data legislation.

Pleasingly, knowledge of GDPR is stronger than ever. The legislation has dominated the EU data landscape since before it came into effect in 2018, and breaches and fines continue to make headlines. However, according to the research, 92% of UK, 92% of France and 94% of German respondents claim to have a comprehensive understanding of the EU regulation – a positive result for businesses across these markets. 

Meanwhile, when we explore understanding of US legislation – the US CLOUD Act in particular – the statistics aren’t as promising. 

Since it was passed by US congress in 2018, the US CLOUD Act has been a controversial topic. Direct contradictions with GDPR have come to light, and many are unaware that the legislation can actually impact EU businesses. One key element of the legislation gives US law enforcement authorities the power to request data stored by most major cloud providers – whether they’re inside or outside of the US. 

When asked about the US CLOUD Act, the research found 44%, 41% and 33% of respondents lack a comprehensive understanding in the UK, Germany and France respectively. In addition, many professionals were also unaware that US cloud hosting providers may be required to disclose customers’ data under the legislation, irrespective of GDPR rules (47% in the UK, 34% in Germany and 23% in France).

This knowledge gap is clear, and without the necessary understanding of the impact of the US Cloud Act implications, how can businesses ensure their data is secure and protected?

A new focus on education 

When it comes to the US CLOUD Act there’s a simple fact – choosing an EU supplier with EU datacenters is the safest option for EU businesses, as these cloud providers only have to adhere to GDPR. However, it’s essential a new focus is put on education around legislation so every business has a sound understanding of how it impacts them. 

Any legislation is difficult to fully grasp, but there’s a few simple actions businesses can immediately start taking to ensure they’re up-to-speed. 

All businesses should ensure they know what data they have stored and where. It’s important to regularly conduct an audit, and ensure multiple team members have this knowledge. Designated team members can also act as ‘legislation champions’ in the business, acting as the go-to for any relevant queries from other team members. Joining local IT groups, signing up to industry newsletters and setting up alerts to keep on top of significant changes will aid their knowledge, too.

Another surprising finding from the survey was that despite ranking data privacy and security highly on the priority list, a large percentage of IT professionals are willing to store sensitive data in the cloud, such as personal customer and employee data (54%), payment information (53%) and payroll and accounting data (51%). 

With any sensitive data, businesses should always question whether the cloud is the most suitable place for storage, and ensure additional security measures are in place to make sure it’s as safe as possible. Companies should be cautious and encrypt data where possible, and set-up security measures, like multi-factor authentication, to help achieve high security standards and stay vigilant against cyber-attacks. 

There’s also a host of resources available online to simplify legislation, including from regulatory bodies like the Information Commissioners Office (ICO). It shares regular legislation updates, and breaks down information to a practical level to assist in helping businesses understanding how it affects them. Signing up to newsletters is a quick and easy way to keep up-to-date and they host webinars too.

Compliance is key

What’s clear from the findings is that the desire to prioritise data privacy and security doesn’t quite match up with the reality of the situation. To help align these, industry communication and collaboration is vital, and ongoing knowledge-sharing around how changing legislation could impact data storage for UK businesses.

Adhering to legislation is an essential focus, however IT professionals are clearly under pressure to monitor and keep up with the evolving data landscape. That’s why it’s vital every employee, no matter job level or department, understands data compliance and its importance and the risk to the business of not adhering to the laws. 

By Sab Knight, head of UK sales at IONOS

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus