How can CIOs address data sovereignty?

The vast majority of UK CIOs and IT decision makers (91%) are looking to migrate their on-premise apps to either IaaS, PaaS or SaaS clouds in the next 3-5 years.

However, Trustmarque’s report, which looks at the challenges and opportunities of cloud migration, has found that legal and compliance issues inevitably arise when organisations consider migrating their IT infrastructure to the cloud, with 73% of CIOs claiming to be concerned about the key issue of data sovereignty when doing so.

The borderless nature of the cloud, where providers may have data centres all over the world, can create serious problems where there are specific legal and regulatory requirements to store data, especially in the UK.

A cloud provider may have data centres all over the world. But for companies in some sectors this can create problems if there are requirements to store data inside the UK. It’s no coincidence that those in heavily regulated industries – the public sector (44%) and financial services (46%) – are most concerned.

One of the key areas to consider is the introduction of the new General Data Protection Regulation (GDPR), which comes into effect on the 25th of May 2018. GDPR will levy strict requirements on all global firms storing and processing EU citizens’ data. These include a 72-hour mandatory data breach notification window, and strict penalties of up to 4% of global annual turnover for any serious infractions.

For any UK CIOs hoping that the new GDPR regulation will excuse them from adhering to the strict requirements, the reverse is true. Currently, many organisations are taking a ‘do nothing until it has been clarified’ approach to GDPR. This should not be the case.

The process for a CIO is the same as it is for any individual or organisation managing data or migrating apps to the cloud. There is a three-stage approach to take: discover the issue, conduct an assessment to understand the issue and potential risks, and then develop and execute a plan to ensure there is a process in place to document, and secure, the flow of data across data centres, via the cloud.

Cloud modernisation needs to be aligned with the future demands of GDPR. Security and compliance are essential elements of any modern business and it pays to ensure both are given the necessary time and resources they deserve.

This means that CIOs must do their due diligence on any cloud provider they are migrating apps and data to, and ensure they know where their business’s data is stored and how it is used at all times.

To support their quest to ensure data sovereignty, CIOs can access Trustmarque’s Cloud Transformation Platform, which can help them meet any unique regulatory, compliance and organisational needs, and be cloud-ready.

 

Sourced by James Butler, chief technology officer, Trustmarque Technology Solutions

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...
