Lack of legislation understanding posing threat to security of UK business data

New research from cloud and hosting services provider, Ionos, has found that 44 per cent of IT decision makers (DMs) in the UK do not have a comprehensive understanding of the US Cloud Act, ultimately putting their data at risk. The survey, which polled 500 UK IT DMs, explored the industry’s understanding of key data legislation, attitudes towards data storage and cloud services usage.

The US Cloud Act has been a controversial topic since it was passed by US congress in 2018, and even more so since the US and UK signed the Cloud Act agreement almost six months ago. One key element of the legislation gives US law enforcement authorities the power to request data stored by most major cloud providers.

However, almost half of UK IT DMs (47 per cent) are not actually aware that US cloud hosting providers may be required to disclose customers’ data under the legislation, stored inside or outside of the US, irrespective of GDPR rules.

In contrast, and highlighting the dominance that GDPR has taken in the attention of IT decision makers, 92 per cent of respondents claimed to now have a comprehensive understanding of the EU regulation. While questions have been raised about changes to the legislation post-Brexit, UK businesses must continue adhering to GDPR throughout the Brexit transition period. It’s also expected that the government will include GDPR within the existing UK Data Protection Law so it continues to be enforced after the transition period ends on the 31st December.

Surprisingly, when also questioned about what data businesses store in the cloud, 54 per cent were willing to store personal customer and employee information, and 50 per cent payment information or payroll and accounting data.

“GDPR compliance has been a key focus for many European and Global businesses since it was introduced, but IT professionals are under pressure to keep up with the constantly evolving data security landscape,” explained Achim Weiss, CEO at Ionos. “The US Cloud Act adds another layer of potential misunderstanding for those hosting with US cloud providers. The only option to immediately minimise risk for EU businesses is to choose European providers that only follow GDPR.”

“What’s also obvious from the findings is that there’s a clear inconsistency between businesses wanting to prioritise data privacy and security, and the actual reality of the situation. As an industry, there’s a vital need for education around storage best-practice, and ongoing knowledge-sharing around how changing legislation could impact data storage for UK businesses – especially during the current Brexit transition period,” Achim concluded.

Related Posts
Others have also viewed

Generative AI at work: Creating a transparent company culture

The power of generative AI has risen to prominence in the past year. Even for ...

Businesses fail to achieve highly resilient connectivity as commodity IoT providers fail to deliver

A new State of IoT Adoption report launched today by Eseye, a leading global IoT ...

AI-powered computer vision enhances safety in industrial workplaces

RoboK, a startup applying AI-powered computer vision to logistics and industrial workplaces, has announced $2.1 ...

2m UK university and research facility credentials hacked

2.2 million personal credentials are available on the dark web stolen from the top 100 ...