Vjom - Fotolia

GDPR worries hit cloud storage investments, says survey

NetApp-sponsored survey finds lack of customer confidence in cloud service providers’ retention of GDPR-affected data has led organisations to rethink and scale back cloud investments

The impending arrival of Europe’s General Data Protection Regulation (GDPR) could deal a blow to the use of the cloud to store data. That’s because GDPR dictates that organisations must be able to find and process the personal data of their customers, and for those using cloud storage it’s not a simple task to achieve compliance.

As a result, some organisations are rethinking their use of cloud storage, while others have even started to scale it back.

Those are the findings of a survey of 253 UK and European CIOs and IT managers, carried out for storage maker NetApp, late in 2017.

Under GDPR – set to come into force in May 2018 – there will be greater rights for the individual to decide how their “personally identifiable data” is used by corporations.

Personally identifiable data now extends from the obvious name, date of birth, etc, to a range of information retained by IT systems, including metadata, IP addresses, mobile IMEI numbers, SIM card IDs, cookies and biometric data.

Meanwhile, the “right to be forgotten” allows individuals to request that data about them be deleted without “undue delay”.

All this places onerous requirements on how organisations retain data and their ability to find and deal with it.

But how much do cloud customers know about their data once it’s in the hands of cloud service providers?

Nearly half (49%) said they were confident about where their service provider’s datacentres are and where some of their data is held, while 26% said they were fully confident in the location of cloud provider datacentres and where their data is held. The remaining 26% were not confident they could answer either question.

When the survey asked how aware respondents were about GDPR, a small minority seemed fully conversant with the forthcoming directive. 

Just over half (56%) had some understanding, while 26% had a good understanding. A mere 13% said they fully understood the implications of GDPR. Exactly one tenth said they didn’t know what it was.

And this, in turn, seems to be manifest in a lack of preparedness in compliance terms for the onset of GDPR in May.

Half of respondents (50%) said they were not fully compliant, while 30% claimed they were fully compliant. Just less than one-fifth (18%) said they had made no preparations at all.

And the lack of certainty about the whereabouts of data in public cloud services seems to have led to a negative effect on organisations’ cloud investments.

Read more about GDPR

Half (50%) said they would continue to invest in cloud, but 28.5% said they would consider scaling back their cloud investment and 24% said they had already started to reduce their cloud investment. But for some (37.5%), the onset of GDPR had caused them to invest more in data regulation compliance.

The survey also took a snapshot of the extent of cloud – public, private and hybrid – usage, the workloads entrusted to it, and how much trust customers place in the cloud.

Of those questioned, 25% use only private cloud, 15% have only public cloud, while 58% operate with some form of Hybrid cloud provision.

Storage was the most cited workload for cloud (66%), with backup in second place (61%) and disaster recovery in the cloud used by 40%.

When asked why they use the cloud, security and cost savings were the highest scoring, at 53% and 52% of respondents. While these are not high percentages in absolute terms, they are relatively high compared to compliance (27.5%) and data privacy (24.5%), which ranked low as qualities gained from use of the cloud.

Read more on Cloud applications

Data Center
Data Management