Whether your organization is based in Europe, has operations in Europe, or handles data pertaining to EU residents, a proposed EU regulation will have a significant impact on which cloud services you use and how you use them. The EU General Data Protection Regulation is expected to be passed this year and take effect beginning in 2016.
The law is meant to replace the EU Data Protection Directive adopted in 1995 and modernize the original directive for the Internet era. Under the proposed law, liability for data breaches and violations of the law will be shared between data controllers (organizations that own the data) and data processors (such as cloud providers that store the data).
The proposed law governs how organizations treat the privacy of personal data and has far-reaching implications in an era where companies manage enormous amounts of data, ranging from names, email addresses, and phone numbers to computer IP addresses. The penalties for violating the proposed law can be severe – up to 5% of a company’s annual revenue or up to €100 million, whichever is higher – and many cloud providers in use today are not prepared to meet the new requirements.