IT professionals 'fear GDPR impact on cloud migration'

More than half of IT security professionals are concerned that the introduction of the General Data Protection Regulation (GDPR) legislation in May 2018 will prevent them from using the cloud to store sensitive data.

A survey conducted by cloud data protection specialist Eperi revealed that 85 per cent of It security professionals are not confident enough in their cloud providers' ability to protect sensitive data to the standards expected by the new GDPR laws.

A further 72 per cent stated that they would need to re-evaluate their data security requirements when it comes to using cloud computing as a result of the changes in European legislation.

However, 54 per cent revealed that they already rely on SaaS or cloud services to encrypt sensitive data on their behalf, while just over half suggested that it is reasonable for their cloud provider to take control of their encryption keys, either in full or in part.

Despite this, Ravi Pather, senior vice president at Eperi, has suggested that businesses who have taken control of its encryption keys in the past will actually be more prepared for the introduction of GDPR than those who do rely on their cloud provider.

Commenting on the results of the study, Mr Pather said: "In the event of data compromise or loss, if the organisation is in full control of its own encryption keys, it can avoid the notification step altogether if the data is unreadable to the world outside the organisation."

"In contrast, if the cloud or SaaS provider controls the keys and they are breached, then there is no way to be certain the organisation’s data is safe and notifications and fines ensue," Mr Pather added.