Data sovereignty remains biggest enterprise GDPR fear

Cloud worries still prevalent as May 2018 approaches, finds research

Data sovereignty remains top of the UK enterprise's concerns as the countdown to May 2018's General Data Protection Regulation continues apace.

New research from Computing, delivered this morning as part of the IT Leaders' Forum Manchester session entitled GDPR: Are You Sure You've Thought Of Everything? revealed that 52 per cent of 135 IT decision-makers surveyed consider lack of knowledge as to where their data is stored a pressing issue.

A further 45 per cent of decision-makers cited "lack of direct control" as a fear, while being unsure who is accessing their data also accounted for 43 per cent of concerns.

All of these fears put together seem to outline a firm state of confusion and worry about the role of cloud in GDPR.

"The lack of control around cloud systems has always been a cause for concern," said Computing's Technology Analyst, Peter Gothard.

"It's not that cloud is less secure, it's that IT is much less able to focus on the vulnerabilities, which makes security-minded individuals - who instinctively dislike the notion of trusting third parties - uncomfortable."

Only seven per cent of respondents to the survey did not feel that cloud services represented a risk in any way to the enterprise.

However, it's not all bad news, argued Gothard.

"However, with risks can come rewards," he said.

"There is a spectrum of risk appetite and companies need to cut their cloth accordingly. Some will be happy betting on cutting-edge unproven services in the hope that this will give them a competitive edge. Others will prefer to play safe, or be compelled to do so by regulations and legislation. Whatever their risk appetite, though, it is important that they seek to measure it so that their decisions are logically based."

However the enterprise approaches the goal, Gothard, concluded, the importance is for everybody to pull together to achieve a common goal:

"An acceptance that data security is the joint responsibility of data controllers and processors lies at the heart of the forthcoming GDPR," he said.