Getting connected — that's the key aim of today's businesses. Customers are connected; businesses are connected; even your car, watch, and socks are connected. This means that your business' responsiveness to customer, partner, and employee demands has to be faster and more reliable than ever. In the connected world, the technology solution of choice for a growing number of European CIOs is cloud computing. Forrester forecasts that European companies will increase their budget for cloud computing technology in 2015 and beyond.
Governments are keen to promote cloud computing. In 2012, the European Commission (EC) estimated that the adoption of cloud computing in Europe could have an overall cumulative impact on GDP equal to €957 billion and provide 3.8 million jobs by 2020; as a result, it is developing a formal strategy to support and encourage the adoption of cloud technology across all sectors of the economy in Europe to boost productivity. This includes the provision of greater legal certainty and a more harmonized legal framework around cloud computing across European Union (EU) member states.
New cloud standardisation guidelines are designed to promote cloud adoption
The Cloud Select Industry Group (C-SIG) of the European Commission recently developed and published the Cloud Service Level Agreement Standardisation Guidelines, which represent part of the output of the European Commission's cloud computing strategy within the context of the overarching EU digital agenda. The guidelines are not binding rules and do not provide an exhaustive list of contract requirements for cloud services. Nonetheless, they are a collection of best practices, which will frame users' discussions with providers when contracting cloud services. More specifically, these guidelines aim to help professional cloud users ensure that essential elements are included in plain language in the contracts they sign with cloud providers.
The guidelines, which also represent the EU contribution to the definition of an international standard for cloud SLAs by the ISO/IEC JTC1 Working Group, are structured around four main domains: performance, data security, data management, and personal data protection.
Guidelines and other soft tools will make the CIO's life easier
The new cloud standardisation guidelines will help CIOs not only compare cloud offerings but also achieve compliance with data privacy laws more effectively. Compliance is no longer the exclusive domain of corporate lawyers; it is a top priority for European CIOs across all industries. Customers are increasingly aware of the value of the data they share and expect effective protection of their data and privacy. Regulatory requirements are becoming tougher, and fines for data breaches are growing. Moreover, successful initiatives to secure and protect customer data reveal incredible potential to create new business value.
When selecting cloud solutions, CIOs must consider not only their technical features but also the mechanisms that will help them achieve full compliance most efficiently, such as the new cloud standardisation guidelines. Other similar soft tools will soon follow: The European Commission, industry leaders, and sector experts are working together on a code of conduct for cloud service providers and refined security certification schemes, which will be published at the end of 2014.
Conclusion: EU Data Privacy Laws Change The Business Culture And Modus Operandi
EU data privacy laws are changing the way European businesses operate and think about customer data privacy. Moving forward, all businesses offering products and/or services to European customers will need to comply with EU rules, regardless of the location of their headquarters. Over time, the scope of these regulations will increase: The draft data protection regulation, for example, explicitly adds IP addresses and device tracking data to the list of data falling within the scope of the law. CIOs must ensure that their firms undergo the necessary cultural and operational transformation to compete in this complex environment.
To contribute to their organisations' success, CIOs must:
1. Engage with cloud providers to implement data protection. An increasing number of cloud providers are becoming more and more familiar with the requirements and logic of EU privacy laws. Many are working with the regulators to help shape new regulations and soft tools, such as the standardisation guidelines. This will lead to a slow but progressive shift toward a new compliance mindset — and better solutions. Look for those providers that are undergoing this shift, and extract new value from them when it comes to effective compliance with EU data protection and privacy.
2. Help create a company mindset around privacy protection. To mitigate the risk of failure, privacy must be considered in every process and at every level of the business. Introduce privacy considerations in early discussions about crafting new business processes, solutions, and products and services for your customers. Learn from the creative approaches of digital businesses, innovation incubators, accelerators, and new startups, where CIOs, CMOs, product designers, CISOs, and CEOs sit together to plan new products and services.
3. Show CEOs the business value of effective security and compliance. Your metrics have to reflect all the components of your business technology agenda and the business value you create in implementing those technology initiatives. Security and privacy protection are no exception: Moving forward, the value they bring to the business will become increasingly important. Show your CEO and board of directors the business relevance of compliance. Don't just focus on cost savings and risk mitigation; more importantly, highlight your contribution to seizing new business opportunities, improving brand loyalty, and increasing customer and partner trust.
Enza Iannopollo is Researcher and Pascal Matzke is Research Director at Forrester, serving the information needs of CIOs.