Concern about cloud computing’s inability to cope with new GDPR requirements

The new General Data Protection Regulation (GDPR) is set to consolidate the European Union’s efforts in the field of data protection and privacy law by requiring companies handling personal information of people within EU borders to take extra precautions in order to ensure that personal data is adequately protected from data breaches and hacker attacks. But as the GDPR also imposes hefty fines for non-compliance, businesses are starting to reconsider whether using cloud computing could pose risks for the data they process.

Cloud increasingly adopted, and investments soar

Cloud computing has been on the rise for a while now since it has emerged as the perfect answer to modern businesses’ increased demands for more space, greater flexibility and unparalleled scalability. The market keeps growing every year, as Gartner reports, as it estimated that the global public cloud market grew by 18% last year to reach $246.8 billion – a significant rise from $209.2 billion in 2016. Cloud system infrastructure services in particular, also known in the industry as infrastructure as a service (IaaS), were expected to demonstrate the highest growth rate at almost 37% in 2017, rising to a total of $34.6 billion, while software as a service (SaaS) followed by over 20% projected growth to a total of $46.3 billion.

Security in cloud environments a complicated issue

Cloud services are increasingly perceived as an integral part of doing businesses – at least when it comes to the IT aspect. Most companies nowadays, regardless of size, need to invest in their IT department to ensure a smooth and streamlined process. According to Gartner, by 2020, strategies regarding cloud adoption will play a crucial role in over 50% of deals with regard to IT outsourcing. Yet despite the evergrowing penetration of cloud services, cloud security remains a complicated issue for businesses invested in safety and data protection. Companies need to ensure that as they move to public cloud environments like AWS and Azure, that they use common processes and reporting mechanisms to reduce the risk of security breaches, and that they use cybersecurity tools to protect their applications in the cloud.

GDPR requirements might discourage companies from turning to cloud storage

Yet the new GDPR requirements that relate precisely to these and similar security concerns that are inherent in a cloud environment might change the enthusiasm with which cloud computing is adopted across businesses – if that hasn’t happened already. According to a survey conducted late last year and reported by Computer Weekly, 28.5% of respondents stated that in light of the impending GDPR obligations they are considering cutting back on using cloud storage – and a further 24% responded that they have already started doing so. While half of the respondents still expressed confidence in cloud services, only 37.5% of those surveyed said that the GDPR pushed them to invest more in compliance with data regulation. Interestingly, the majority of respondents operate in a hybrid cloud environment (58%), while 25% opt solely for private cloud and 15% exclusively for public cloud.

This could mean that the GDPR has an effect adverse to that intended: instead of urging organisations to adopt a more rigorous data protection approach, it discourages them from turning to cutting-edge solutions, due to compliance concerns. Yet there is still time to change that attitude – and how exactly things will unfold will only become obvious after May.