Understanding data compliance

By Campbell Williams, group strategy and marketing director, Six Degrees Group.


From PCI DSS to CDE standards, the data market today is rife with myths, jargon and acronyms when it comes to compliance. This is complicated further by data protection and compliance policies involving codes of conduct for IT decision makers throughout the UK. From payments to data sovereignty, there is a rule or best practice guide for everything, which makes finding a place to start challenging. Every UK organisation must comply with the regulations or they could face hefty penalties and suspension of service. Non-compliance is no longer an option.


A recent survey by 6DG has found that almost half (43%) of IT professionals don’t currently understand the compliance legislation when it comes to managing data. It’s no wonder. From the UK’s Data Protection Act to individual (and varied) company privacy policies, IT professionals could get lost in a sea of paperwork. In fact, over half (52%) of the IT industry specialists surveyed said that they would rather use a third party to manage their data compliance than make sense of it themselves. The cost of non-compliance can be substantial. Demonstrating how eager they are to enforce the Cabinet Office’s ‘zero-tolerance’ approach to non-compliance, the Information Commissioner's Office (ICO) issued a fine of £325,000 to an NHS University Hospital Trust after a serious data breach in 2012.

Data sovereignty (where the data is stored) is a key component when it comes to compliance. For some organisations it’s essential that data is stored within the UK or EU, or as prescribed either by law or by internal governance policies. We were pleased to see that a large majority (86%) of those questioned believe that data sovereignty is a concern. However, we were surprised to learn that in cases where an organisation outsources to Managed Services Providers (MSPs), there was often a lower level of in-house knowledge when it comes to compliance.


Rather than managing and monitoring the MSP closely, businesses are blindly assuming that their MSP is complying with the relevant regulations. A shockingly high proportion (35%) of those outsourcing to an MSP admitted to not even knowing where their data is housed. When a third of IT professionals using an MSP aren’t checking where their data is stored, how can they be sure that the solution is compliant and correct? With businesses relying on cloud providers that might be operating anywhere in the world, it’s time to start taking responsibility and make compliance and sovereignty a business priority.


Organisations need to manage vital financial information, customer details and intellectual property correctly in order to comply with the latest regulations. It is troubling that the majority of IT professionals surveyed have an insufficient understanding of how to make sure they are compliant. There’s clearly been a breakdown in communications between the ICO and the UK’s IT departments, but considering the number of rules out there perhaps it’s not surprising. Something needs to be done to help UK industries make sense of this maze of legislation.


Whilst we’re waiting for this to happen, here are my top tips for becoming data compliant:

1. Ask your Managed Services Provider how they deal with your data.
2. Keep up to date with the latest legislation and changes, and try to understand how they impact the way you do business.
3. Manage your MSP: keep asking what improvements they are making and how this will impact you and your data.
4. And last, but not least: Always know where your data is being stored. Always.

These tips simply scratch the surface of a complicated environment. Whether you’re a customer or a provider, everyone has the responsibility to ensure they are complying with the latest regulations. After all, compliance regulations exist for a reason.
 
