Making predictions for the future is a notoriously dodgy business, especially in the world of technology, but one certainty for this year is big changes in how European data protection is governed.
The legal fig leaf of ‘Safe Harbour’, which used to cover any transfer of personal data from Europe to the US for processing or storage, is no longer valid.
Late last year the European Court of Justice ruled that Safe Harbour was illegal because it didn’t give citizens enough legal protection.
The change makes life difficult for any company using a traditional cloud provider because it is often unclear exactly where your firm’s data is being stored.
For many companies this should be the first job of 2016 – asking cloud providers just where data is being kept. This might mean your cloud provider has to talk to its infrastructure provider to get an answer but you need to know in order to ensure you will comply with the new rules.
Several providers have already put in place offerings to ensure data is kept in the European Union, and hybrid providers have been able to move more quickly to adapt to the changes.
One thing we do know is that these issues are being taken much more seriously by governments and by the general public alike.
We also know failures will mean serious costs for businesses – the European Union has already agreed to impose fines of up to four per cent of global revenue on companies failing to protect people’s data.
Making sure you know what is being stored and where it is being stored will mean your company is ready for the future.
The European General Data Protection Regulation was issued in December and will come into force in a couple of years.
The new regulations promise to make life easier for companies working across Europe by replacing the current patchwork of laws with one set of rules to follow.
These will include requirements for businesses to inform people when their data is hacked as well as giving people the right to move their data easily to another provider.
Of course the devil is in the detail and this year will see how the rules will actually be implemented.
All enterprise IT departments can do is ensure they know just where their current data is stored so that they will be in a position to comply with the changed regulations.
It is possible that by the time these rules come into force the UK will no longer even be a member of the European Union – depending on the results of the referendum.
But any withdrawal is likely to be a slow process so British businesses will still likely have to comply for at least a period.
The regulations will also apply to any company outside the EU which wishes to trade with any European firm.
So whether we’re in or out the chances are we’ll still be following the same, or very similar, data protection laws.