The EU's General Data Protection Regulation (GDPR) is fast approaching but with significant resource investment required, many organisations are struggling to meet the May 2018 deadline. According to Google executives, moving data to the cloud will help take some of the pain out of upgrading security practices and data protection standards in line with the regulations.
GDPR is the biggest change to data protection regulations in two decades, and is a major challenge for many businesses. A survey from analyst firm Gartner released yesterday showed that around half of those affected by the legislation - whether in the EU or outside - will not be in full compliance when the regulations take effect.
At Google's Cloud Next event in London on Wednesday, the cloud provider announced that its portfolio of Cloud Platform and G Suite products will be fully compliant with the incoming regulations, with data protection capabilities 'built-in' to its services.
"Our security capabilities really help you with your compliance obligations," Brian Stevens, vice president of Cloud Platforms at Google Cloud, told the 4,500 attendees. "In the US we were just selected to go through the accelerator process for FedRamp, we have been offering model contract clauses in Europe for a long period of time and the underlying work we have been doing will set us up for getting ready to commit to GDPR when it roles out in May of next year."
The announcement follows similar moves by the other 'top three' cloud providers - Amazon Web Services and Microsoft Azure - which have also committed to GDPR compliance in order to support customers operating in the EU.
Google has already launched a number of services aimed at helping improve data protection and security practices, such as its Data Loss Protection API, which redacts sensitive information stored in its G Suite products, and Google Vault for data archiving in Google Drive.
According to Bill Hippenmeyer, head of Cloud Customer Engineering for EMEA, moving data to the cloud can help ease the burden faced by senior IT leaders, many of whom see GDPR as their top priority.
He told Computerworld UK: "We talk a lot with the legal teams and chief information security officers of European companies and I think everybody has concerns over a couple of things. [For example] 'can we even comply with the standards we have and if we do, what is the level of effort and resource investment to do that compliance?'"
"That is where they see an advantage in going cloud, they can offload that responsibility and reutilise those critical skills to be focused on other aspects of securing their infrastructure. So I think they see it as an accelerator.
"[European businesses] are worried about it -- they believe that they can comply, they just worry about the level of effort required to do that compliance, and they are saying why can't we outsource that to the cloud providers that are specialising in building specific programmes for that and gaining and seeking the appropriate accreditations."
Sebastien Marrote, vice president EMEA Google Cloud, said that the cloud provider also has a global team of regulatory specialists that are working on compliance. He added that the attitudes to storing data in the cloud have changed over recent years, and European businesses are increasingly aware of the security advantages offered by large cloud providers.
"The conversation we had with customers a few years ago, they were really scared of moving to the cloud because they thought it was just not safe and that data was much safer on premise," he told Computerworld UK. "Now it is totally the other way around, one of the key drivers for these companies to move to the cloud is because they believe it is much safer to store their data in our infrastructure facility which is so highly secure, with all the investment we are doing."