Understanding data compliance

By Campbell Williams, group strategy and marketing director, Six Degrees Group.


From PCI DSS to CDE standards, the data market today is rife with myths, jargon and acronyms when it comes to compliance. This is complicated further by data protection and compliance policies involving codes of conduct for IT decision makers throughout the UK. From payments to data sovereignty, there is a rule or best practice guide for everything, which makes finding a place to start challenging. Every UK organisation must comply with the regulations or face hefty penalties and suspension of service. Non-compliance is no longer an option.


A recent survey by 6DG has unearthed the fact that almost half (43%) of IT professionals don’t currently understand the compliance legislation when it comes to managing data. It’s no wonder why. From the UK’s Data Protection Act to individual (and varied) company privacy policies, IT professionals could get lost in a sea of paperwork. In fact, over half (52%) of the IT industry specialists surveyed said that they would rather use a third party to manage their data compliance than make sense of it themselves. The cost of non-compliance can be substantial. Demonstrating how eager they are to enforce the Cabinet Office’s ‘zero-tolerance’ approach to non-compliance, the Information Commissioner's Office (ICO) issued a fine of £325,000 to an NHS University Hospital Trust after a serious data breach in 2012.

Data sovereignty (where the data is stored) is a key component when it comes to compliance. For some organisations it’s essential that data is stored within the UK or EU, as prescribed either by law or by internal governance policies. We were pleased to see a large majority (86%) of those questioned believing that data sovereignty is a concern. However, we were surprised to learn that in cases where an organisation outsources to Managed Services Providers (MSPs), there was often a lower level of in-house knowledge when it comes to compliance.


Rather than managing and monitoring the MSP closely, businesses are blindly assuming that their MSP is complying with the relevant regulations. A shockingly high proportion (35%) of those outsourcing to an MSP admitted to not even knowing where their data is housed. When a third of IT professionals using an MSP aren’t checking where their data is stored, how can they be sure that the solution is compliant and correct? With businesses relying on cloud providers that might be operating anywhere in the world, it’s time to start taking responsibility and to make compliance and sovereignty a business priority.


Organisations need to manage vital financial information, customer details and intellectual property correctly in order to comply with the latest regulations. It is troubling that the majority of IT professionals surveyed have an insufficient understanding of how to make sure they are compliant. There has clearly been a breakdown in communication between the ICO and the UK’s IT departments, but considering the number of rules out there perhaps it’s not surprising. Something needs to be done to help UK industries make sense of this maze of legislation.


Whilst we’re waiting for this to happen, here are my top tips for becoming data compliant:

1. Ask your Managed Services Provider how they deal with your data.
2. Keep up to date with the latest legislation and changes, and try to understand how they impact the way you do business.
3. Manage your MSP: keep asking what improvements they are making and how these will impact you and your data.
4. And last, but not least: always know where your data is being stored. Always.

These tips simply scrape the surface of a complicated environment. Whether you’re a customer or a provider, everyone has the responsibility to ensure they are complying with the latest regulations. After all, compliance regulations exist for a reason.