75.4% of Cloud Apps are not compliant with GDPR
According to the Netskope Cloud Report from June 2016, almost 75.4% of the cloud apps are not compliant with the GDPR. The main reason for this incompliance is the lack of awareness that most organizations have about the amount of cloud apps being used at the company.
The compliance evaluation was based on eight aspects of the GDPR: geographic requirements, data retention, data privacy, terms of data ownership, data protection, data processing agreement, auditing and certifications.
Compliance with the GDPR involves not only that customers as data controllers implement the provisions of the GDPR accordingly, but also that cloud apps vendors (as data controllers) are also compliant. This compliance requirement of the data processor is one of the new requirements that the GDPR imposes. Data processors are also subject to strict data processing requirements and are liable for breach of their obligations. This way, customers are liable for the use they make of the cloud apps and cloud vendors are liable for inherent security and enterprise-readiness.
The report reveals that the main incompliances relate to the data export requirements after termination of service, to excessively long retention periods and to data ownership terms. Moreover, malware also represents an increasing problem regarding cloud apps.
Upon the entry into force of the GDPR, companies shall be able to
- Identify existing cloud apps in their organization and analyze the risks involved
- Identify cloud apps storing sensitive data
- Adopt measures in order to be compliant according to the eight main aspects mentioned above
- Identify cyber threats and implement adequate measures to safeguard personal data