National governments are enacting new, stringent data privacy laws to protect citizen data, guard national security interests, and potentially provide a boost to local industries. This rush to protect sensitive and personally identifiable information threatens current business strategies, practices, and processes widely used by organizations that operate internationally. A recent Ovum survey returned findings that should perturb the business and IT leaders responsible for navigating their organizations’ efforts to minimize risk and cost in the face of an imminent period of turmoil.
Data privacy regulations are coming directly into conflict with cloud, software-as-a-service (SaaS), and mobile computing practices within enterprises. Cloud computing is an established part of the enterprise IT landscape, and adoption is expected to continue to increase over the next decade. Information-intensive business processes rely on SaaS, and this, coupled with a shift to mobile computing platforms, means that controlling data location (and, consequently, establishing where sovereignty over the data rests) and complying with privacy regulations are extremely challenging. Nevertheless, over the next three years, 78% of survey respondents plan to use cloud and SaaS-based applications, even for storing and sharing sensitive and regulated data.
Business leaders are deeply pessimistic about the potential consequences of new data privacy regulations. Our survey shows that organizations are aware of data privacy as an issue, but are struggling with how best to respond. When we asked about the pending European Union (EU) General Data Protection Regulation (GDPR), 52% said they think it will result in business fines for their company, and two-thirds expect it to force changes in their European business strategy. Decisions are made extremely tough by the knowledge that the cost of regulatory compliance will be substantial, but the cost of non-compliance could be higher still. Over 70% of respondents expect to increase spending in order to meet data sovereignty requirements, and over 30% expect budgets to rise by more than 10% over the next two years. Of those who plan to update data privacy strategies in the next three years, 38% plan to hire subject matter experts, and 27% will hire a chief privacy officer.
The decision-making challenge is exacerbated by a patchwork of contradictory and conflicting global privacy regulations, and organizations therefore need technology options to address all eventualities. The data sovereignty revolution threatens to create a Balkanized technology landscape, with different jurisdictions imposing inconsistent and often incompatible mandates for the way in which sensitive information is stored, processed, and shared. This is already creating confusion and uncertainty, leaving fundamental questions unanswered, such as how to interpret data location requirements. Organizations need technology options that enable them to react to a rapidly changing regulatory environment.