Europe plans to implement stricter data protection laws in a new EU General Data Protection Regulation to be passed later this year or early 2015. However, a study revealed that as of now, only 1 out of 100 cloud providers would comply with the tougher requirements.
The research, performed by Skyhigh Networks and based on its database of more than 7,000 cloud services, found that an overwhelming number of cloud vendors would fail to adhere to one or more of the new measures.
The new regulation would likely be enforced by 2016 or 2017, affecting either firms based in Europe or firms handling the data of EU citizens, said Skyhigh Networks.
The study revealed that most vendors had a variety of issues preventing them from complying with the new requirements, including the right to be forgotten, or data infidelity and deletion policies; data residency; data breach detection and notification; and encryption and secure passwords.
“It’s staggering how few cloud providers are prepared for the new EU regulations but, fortunately, there’s still time for providers to get into shape,” said Charlie Howe, Skyhigh Networks EMEA director.
Howe added that cloud providers will inevitably require additional resources and expenditures to implement the policies needed to meet the new standards. However, the costs would total only a mere fraction of the proposed penalty for violation: five percent of a company’s annual revenue or up to €100 million.
With the average organization using more than 700 cloud services, it’s easy to see how compliance with the new regulations can pose a tough challenge for them. “One of the most heavily debated and controversial amendments to be implemented is the right for individuals to request deletion of data that identifies them,” said Howe.
“A big problem is that 63 percent of cloud providers maintain data indefinitely or have no provisions for data retention in their terms and conditions. On top of this, another 23 percent of cloud providers maintain the right to share data with another third party, making it even more difficult to ensure all copies are deleted.”
In addition, only 11 non-European countries satisfy EU privacy requirements, not including the United States, which is home to the headquarters of nearly two-thirds of cloud service providers. Moreover, only 8.9 percent of US-based providers have an exception to these regulations through the Safe Harbor Certification.