The regulatory maze of a pan-European cloud
–Ian Winham is Chief Information Officer of Ricoh Europe. The opinions expressed are his own.–
Cloud computing is widely regarded by policymakers and business leaders to be one of the biggest keys for unlocking business growth in Europe today. So much so that the European Commission is currently formulating a cloud strategy to promote cloud use across the private and public sectors across all of Europe.
The reason behind this effort is clear. Policymakers and businesses alike are full of confidence in the cloud’s ability to drive growth for Europe and particularly for SMEs, deliver savings for governments and ultimately create a more efficient European economy. The numbers are just as promising. Cloud services can boost Europe’s five largest economies by €763 billion over the next five years and create 2.4 million jobs, according to research from the Centre for Economics and Business Research. Other business forecasts are even more optimistic. IDC estimates the cloud could generate up to 14 million new jobs globally by 2015.
So it is a not matter of if Europe should adopt cloud storage, but rather when Europe will adopt cloud storage more broadly. The cloud will one day sit at the centre of the future workplace, with businesses becoming more flexible and mobile than ever before.
Today, many businesses face a number of hurdles in migrating to the cloud. This is particularly an issue for businesses that work in several EU countries. At the moment a number of divergent laws exist in the member states, especially regarding what data can be stored and where. This means that companies often find it challenging to set up a single cloud service for all of their EU operations since many countries do not permit certain data to be housed outside national borders. Luxembourg’s financial services industry is just one example, but these rules could equally apply to a French retail website, which keeps its data on a server in Ireland but does a lot of business in Germany. At the same time, users need to address the transparency of where their data is and where it has been transferred to. Can the data controller be sure how and where data is being processed?
Since data privacy legislation in Germany is widely recognised as amongst the most rigorous in Europe, we decided to benchmark our cloud standards against German legislation.
The European Commission has published a proposal to update and harmonise data protection rules through a Data Protection Regulation. No doubt this is a welcome step forward, but it could take months and possibly years before they are implemented, especially as we are already seeing concerns being raised about the cost of implementing the proposed Regulation. As a consequence, navigating Europe’s fragmented data protection landscape is something many companies are understandably cautious about doing, even though the rewards for doing so could be lower costs and higher productivity.
If the EU and its member states are serious about making the Digital Agenda a reality for businesses – particularly Europe’s 23 million small and medium sized enterprises – they need to act fast to put in place a regulatory environment that reflects and accommodates the needs of businesses who want to take advantage of the cloud and all its growth potential.