everythingpossible - Fotolia
The volume of enterprise data stored in overseas datacentres has been laid bare by VMware research, which serves to highlight the upheaval the abolishment of the Safe Harbour regime could potentially cause.
The virtualisation giant polled 250 UK IT decision makers, with the help of Vanson Bourne, to ascertain how much data their companies are currently storing overseas.
The findings suggest more than a third (34%) of UK plc’s business data is located overseas, while three-quarters (76%) of respondents said their companies have at least “some” business-critical data offshored.
Meanwhile, just a third (37%) of respondents said they knew for definite the precise location of where all their business data is.
While the survey was conducted in September 2015, a month before the European Court of Justice (ECJ) declared the Safe Harbour data-sharing agreement invalid, its findings revealed a high degree of concern among enterprises about the regulatory implications of having so much of their data stored overseas.
Of those surveyed, nearly 70% expressed apprehension about needing to shift their data back to the UK as a result of regulatory changes, such as Safe Harbour.
Furthermore, 70% of respondents aired concerns about needing to migrate their overseas data to a UK-based cloud provider as a result of Europe-wide data protection legislation changes. As a follow-on to this, just 10% of respondents said they would be fully prepared to do this.
If required, 96% of those questioned said it would cost them just over £1.6m for their company to do this over the course of three months.
Seek data privacy assurance from cloud providers
Richard Munro, chief technologist and technical director for vCloud Air Europe at VMware, said legislative changes, such as the demise of Safe Harbour, and the prospect of the UK leaving the European Union highlight why enterprises need to know where their data is.
Read more about Safe Harbour
- VMware claims the outcome of the EU Safe Harbour ruling will cause minimal disruption to its operations and should serve to reinforce its hybrid cloud strategy.
- A mechanism for the transfer of data between the European Union (EU) and the US to replace the Safe Harbour agreement is achievable, according to an EU data protection official.
An EU data protection official says he is optimistic that an alternative to the Safe Harbour agreement will be found, but it will take work from both the US and the EU.
- The European Court of Justice's decision to invalidate the Safe Harbour agreement has far-reaching implications for businesses.
- Max Schrems persuaded judge to confirm that Edward Snowden’s evidence is acceptable in court and that the US is engaged in mass surveillance of European citizens.
“Many organisations have rightly turned to the cloud for its flexibility, scalability and security. Knowing that their data is definitely residing in the UK means a need for change is far less likely, no matter what economical changes happen across Europe,” he said.
“The best approach is to be prepared for change well ahead of the new directive. This includes clear visibility into where data is stored when using a cloud provider, and having the ability to move it from one location to another if necessary within a short timescale.”
Roy Illsley, principal analyst for infrastructure solutions at IT market watcher Ovum, backed this view, and said enterprises should not shy away from seeking assurances from providers about the location of their data.
“Organisations should ask their provider where their data is stored, and whether facilities exist to store data in the UK if needed, but also how their data should be categorised to ensure it is stored in the right location,” he said. “Vendors which enable third parties to build local cloud services within a region will become critical support to these customers.”
Read more on Offshore IT services
US offers concessions on surveillance and privacy as EU and US agree successor to Privacy Shield
Court to rule on Facebook data sharing after Schrems drops legal challenge against Irish regulator
EU and US start discussions on ‘enhanced’ Privacy Shield data-sharing agreement
Why data exports from the EU will be challenging without Privacy Shield