A third of UK CIOs are more concerned with EU regulation – such as the data protection directive – than their own local laws, a study has revealed.
Some 34% of UK CIOs and 30% across Europe regard EU regulation as more important than local country laws, according to a survey of 400 CIOs by Forrester Consulting in eight European countries.
“Customers expect companies to handle their personal information securely and treat it with respect. Data security breaches imply the opposite,” the report said.
The study confirmed that regulation and compliance is on every CIO's agenda in Europe. It noted that the challenge facing larger businesses is the complexity and reach of EU laws which makes adhering to them even more critical because of the far reaching effects for all sectors and all countries.
Read more about compliance
- Cloud Compliance: Tackling Compliance in the Cloud
- Compliance and risk
- Podcast: Why you need a cloud storage compliance audit
- Top 10 information governance strategy tips for compliance pros
While 85% of CIOs across Europe said regulatory compliance was an important issue for their ICT strategy, there was less support for local data regulation across the region.
Only in Switzerland (84%) and Belgium (80%) did significant numbers of CIOs deem local laws to be important – even then, they considered EU laws to take precedence.
In Spain, under half (48%) of the CIOs viewed compliance with local regulation as critical to their organisation.
While 88% of CIOs described themselves as being familiar with legal requirements, 86% of CIOs said they need access to the relevant legal teams to deal with the complex legal requirements they face.
“This study reflects what we are seeing across all of the European countries we operate in,” said Emmanuel Tricaud, regulatory director of Colt Technology Services, which commissioned the study.
“The fact that technology now underpins almost every business function means that the growing complexity of local and EU-wide laws is no longer the remit of the regulatory team alone,” he said.
According to Tricaud, the potential risk of reputational damage caused by loss of data or compromised customer data means close working relationships between the CIO and regulatory side of the business are more important than ever.
Enterprises expect CIOs to play a leading role in exploiting technology trends to deliver on strategic business objectives, said Gavin Jackson, European director of cloud services at VMWare, which co-sponsored the study.
“Enterprises of all sizes can now efficiently play in adjacent vertical and geographic markets by providing anytime, anywhere access to corporate information but this study shows that EU regulations should be a core consideration for all CIOs supporting cross-border growth ambitions,” he said.
As enterprises store, manage and analyse increasing amounts of customer and employee information, the question of where that data is hosted and accessed and by whom will continue to be a hot topic, the survey report said.
Some 85% of survey respondents said they consider country-specific datacentres when selecting a service provider. Some 78% said that not having data scrutinised by government departments is either very important or extremely important to their organisation.
This remains consistent across Europe with 84% of Spanish CIOs and 82% of UK CIOs saying that keeping data safe from scrutiny by government agencies was of significant importance. Germany was the lowest at 70%.
The study also found that most CIOs across Europe expect regulation to slightly increase in importance over the next 2 years, except Germany, where most expect it to decrease.
CIOs are very confident that they are familiar with the relevant compliance and regulatory requirements for ICT, particularly UK CIOs (92%).
However, 82% of UK CIOs feel that support from the relevant compliance and regulatory teams is important for their organisation
A fifth of CIOs believe compliance is one of the biggest challenges when it comes to managing large volumes of data.