The EU GDPR and Cloud: You Can’t Protect What You Can’t See

The legal, compliance, and information security community is abuzz with talk of the European Commission’s pending EU General Data Protection Legislation (GDPR). Set to be adopted in 2017 and implemented the following year, carrying penalties up to 5 percent of an organisation’s annual turnover, and not only impacting organisations in Europe but around the world, the GDPR will replace Europe’s Data Protection Directive and supersede any country-level data privacy regulations within the EU. In short, it’s a big deal.

Something that’s been missing from the conversation, though, is cloud. Over the last several years, organisations large and small, across virtually every industry, in Europe and across other regions, have rapidly adopted cloud apps. They’ve done this for several reasons: Cloud apps make people more productive and allow them to work more flexibly. They are new, innovative, and “next generation.” And they are easy to procure. This has led to European companies having an average of 608 cloud apps in use, according to our latest Netskope Cloud Report. And these aren’t just individual users – entire working groups and lines of business are standardising on these apps for critical functions like Human Resources, Finance, Customer Relationship Management, Supply Chain, and more. At the same time, many European IT or information security professionals either believe their organisations are “not in the cloud” or vastly underestimate the number of apps in use – often by 90 percent or more. This is “shadow IT” at its finest.

Here’s the problem: The GDPR will require organisations to know what services are “processing” personal data and protect the privacy of those data. Yet if vast amounts of personal data are being processed by shadow IT, how can organisations protect those data? In other words, you can’t protect what you can’t see.

For this reason, today we announced the availability of a set of services and complimentary tools for our customers and prospects to help them understand the GDPR in the context of cloud, as well as comply with the pending law while enabling users to continue to use and benefit from cloud apps.

The services include a Netskope Cloud Risk Assessment for the EU GDPR (a one-time assessment in which we discover all of the cloud apps in your environment, assess their risk of non-compliance with the latest draft of the GDPR, and make remediation recommendations) and a Netskope Cloud Compliance and Remediation Service for the EU GDPR (a professional service that is meant to recommend a path to cloud compliance with the GDPR and implement those recommendations). The risk assessment is available today and the professional service will be made available in the early part of next year.

In addition to the services, here are the complimentary tools that we believe will help you make sense of the pending legislation as it relates to cloud, and find out how you can comply.

• A white paper, “Managing the Challenges of the Cloud Under the New EU General Data Protection Regulation,” on which we collaborated with Jeroen Terstegge, a partner at data privacy firm Privacy Management Partners
• A checklist, “EU GDPR Cloud Readiness and Compliance Checklist,” a set of practical steps for ensuring compliance with the six tenets laid out in the white paper
• A live webinar with Privacy Management Partners’ partner, Jeroen Terstegge and Netskope’s regional director of solutions architecture, Andy Aplin, “Managing the Challenges of the Cloud Under the New EU General Data Protection Regulation.” Register here.
• A series of live, regional workshops hosted by Netskope and regional legal and privacy experts designed to help you understand the GDPR for cloud-consuming organisations and provide a framework for compliance. Register your interest here.

Whether you’re a European organisation or one serving European customers, the pending GDPR legislation will have a significant impact on your organisation’s use of cloud. Take advantage of these services and complimentary toolkit to understand the pending law and achieve compliance while continuing to allow your users to realise the benefits that cloud apps offer.