- New report examines how businesses can safeguard their data to comply-

September 01, 2014, LONDON, UK – Impending changes to data protection laws are set to significantly impact how companies handle data, with businesses facing censure and substantial fines if they do not comply with new EU data protection rules. Workshare has released a new report in partnership with The Association for Information and Image Management (AIIM), which identifies and warns businesses of the varying risks associated with storing data in certain geographic locations across Europe.

The report, ‘Making sense of European Data Protection Regulations,’ offers data governance officers and CIOs detailed insight to the future data protection legislative landscape in Europe. Through the report Workshare and AIIM highlight the greatest challenge for organisations as being determining which cloud computing infrastructure (public, private or hybrid) is best suited based on the geographical location of the company or markets it serves.

Ali Moinuddin, CMO at Workshare, commented, “Failure to comply with the impending changes to data protection laws could result in charges of up to 100 million Euros or five per cent of companies’ global turnover. Data governance officers and CIOs must re-evaluate their businesses’ data protection solutions and realign current strategies to address and comply with the Regulation.”

Moinuddin added, “At the very least service providers must be able to pin point their data to a specific country or region. While the more advanced should be able to pinpoint data to a specific data centre in a specific city in Europe or indeed offer a hybrid solution that allows companies to use their own infrastructure.”

The report also highlights the need for “Data Guardians” or “Data Controllers” who determine the best geolocation for company data, enforce data governance, and hold responsibility for ensuring data is handled according to national, regulatory, and organisational-specific policies.

Doug Miles, Director Market Intelligence for AIIM, commented, “Cloud service providers need to be aware that organisations are beginning to address the Data Protection Regulation and reassess their current provider as a result. This is a major opportunity for cloud providers to differentiate themselves from each other and ensure their services align with the new regulation.”

The report provides the following recommendations:

  • Set a compliant strategy for the company and in each geography, in preparation for the requirements of the Regulation
  • Undertake an annual risk management/analysis, detailing the risks identified for data breaches/loss and steps taken to alleviate those risks 
  • Educate sales and technical staff on the implications of the Regulation and amend contracts and provisioning appropriately 
  • Review the physical locations of data centres and ensure that they are not processing personal data outside the boundaries set by individual country legislation

The report is now available for download here.