Dive Brief:
- Many cloud service providers (CSPs) are underestimating the impact of the General Data Protection Regulation (GDPR) set to go into effect next year, according to new research from International Data Corp. (IDC).
- Both CSPs and their customers must understand the extent to which they are liable under GDPR, and "how they can construct workable and valid contractual agreements," IDC said in an announcement.
- "CSPs must act immediately to consider their position under the GDPR, and review all systems and processes before the 2018 deadline," said Duncan Brown, associate vice president of security at IDC. "GDPR means increased risk and higher costs for CSPs dealing with personal data."
Dive Insight:
The GDPR goes into effect May 25, 2018, and brings with it big changes in how companies are legally required to protect personal data. This is a major change for many types of businesses, yet many businesses appear to be taking a somewhat lackadaisical approach to the issue.
That may be because companies don’t understand the extent of the provisions or how they will be affected. The law does not just apply to EU-based companies. If a business anywhere offers goods or services to EU-based individuals, either directly or indirectly, it is required to meet the GDPR rules.
If a company is using a CSP, it must also ensure the CSP is meeting the GDPR requirements, and vice versa. As IDC notes, ignorance cannot be used as a defense.
But companies need to start ramping up compliance efforts if they are going to be ready by next year. More than half of companies affected by GDPR will not be in full compliance with its requirements by the end of 2018, according to a Gartner report released last month.