The upcoming EU Data Protection Regulation is expected to increase requirements around where business data is stored throughout Europe, meanwhile, a UK exit from the EU could also spell stricter, more independent UK data laws that businesses have to adhere to and to which UK businesses aren’t ready for. Particularly as the new laws could end up with UK businesses paying up to £1.6 million each to move the data they have outside of the UK back on to safe territory.
A new VMware survey of IT decision makers attitudes and knowledge of forthcoming EU legislation and possible changes, shows more than a third (34%) of UK business data is currently located outside of the country, with more than three quarters (76%) of businesses having at least some business critical data residing overseas
With so much data stored offshore, almost seven in 10 businesses (69%) are concerned they may need to move their data in line with any regulatory, compliance or customer requirements.
The research also shows 95% of respondents use some form of cloud services to host their data (including 37% using public cloud and 34% using hybrid cloud). Over two thirds (70%) are concerned they would need to move their data to a different cloud provider who could host their data in the appropriate location if the European landscape changes.
Despite the potential upheaval, half (50%) said they are yet to start making contingency plans while only 10% are fully prepared to move their data to UK soil, if necessary. 96% of organisations also admitted it would cost them a significant amount to move their data to a different location if needs be, with the average cost being estimated at over £1.6 million, with an average timeline of three months.
Richard Munro, Chief Technologist and Technical Director for vCloud Air, EMEA at VMware commented: “Only a third (37%) of organisations could say with complete confidence where all their data is stored, so it will be difficult for them to assess whether it is compliant in any eventuality. The best approach is to be prepared for change well ahead of the new directive. This includes clear visibility into where data is stored when using a cloud provider, and having the ability to move it from one location to another if necessary within a short timescale.”
Roy Illsley, Principal Analyst, Infrastructure Solutions at analyst house Ovum commented: “The challenges surrounding the location and protection of data are not new. Organisations should ask their provider where their data is stored, and whether facilities exist to store data in the UK if needed, but also - how their data should be categorised to ensure it is stored in the right location.”