How GDPR is going to redefine the cloud
Box's EMEA head talks us through the impact of the new rules


Unless you've been living under a rock for the past year, you're probably aware that the EU's new data protection regulations - also known as GDPR - are shortly going to come into force. GDPR holds organisations to strict standards regarding customer data, with harsh penalties for negligence and abuse.
It's a major issue for European businesses, and it seems like absolutely everyone is talking about it. In fact, along with the Brexit negotiations, GDPR is one of the biggest causes of uncertainty for businesses.
General Data Protection Regulation (GDPR) GDPR for small businesses: What it means for you The IT Pro view: Data protection and GDPR
As the senior vice president and EMEA general manger for a cloud storage and content management company, GDPR is understandably high on the list of priorities for Box's David Benjamin. "I personally feel that this is going to be a pretty defining moment in the industry," he told IT Pro. "It's going to be one of those 'inflection points', to use a Silicon Valley term."
One of the most significant parts of the legislation is the penalties for non-compliance. According to the law, if companies aren't abiding by the principles of the GDPR, they will be liable for up to 20 million or 4% of their global annual turnover - whichever is higher.
Despite these eye-wateringly steep fines, Benjamin says that companies are still failing to take GDPR seriously. "Customers I speak to are very aware of the impending May 2018 deadline," he said. "I don't sense, however, there is yet the movement within organisations to - and I hate using the expression - but to become GDPR-compliant. There's still an element of 'wait and see'."
This is reflected by a veritable avalanche of studies showing that companies are still unprepared for the regulations, including a new survey conducted by IT services firm Bluesource which showed that 80% of organisations will face "major challenges" for compliance when they come into effect.
US firms in particular may be caught by surprise, Benjamin said. He pointed to the Equifax breach, which has just been revealed to have affected nearly 700,000 UK citizens. "If that had happened post-May 2018, they would have been subject to a $60 million-plus fine," he said.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"It certainly hasn't filtered through to organisations that sit in the US, and don't necessarily realise that GDPR extends to all European citizens, whether they are captured in a US platform or a US-headquartered organisation or not."
The biggest problem that organisations are having with GDPR compliance, according to Benjamin, is that the regulations are vaguely-worded in a lot of places. While some elements of the rules - such as the need to appoint a data protection officer and notify users of a breach within a given time frame - are clearly laid out, many aspects have a lot of room for interpretation.
Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.
Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.
You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.
-
Asus ZenScreen Fold OLED MQ17QH review
Reviews A stunning foldable 17.3in OLED display – but it's too expensive to be anything more than a thrilling tech demo
By Sasha Muller
-
How the UK MoJ achieved secure networks for prisons and offices with Palo Alto Networks
Case study Adopting zero trust is a necessity when your own users are trying to launch cyber attacks
By Rory Bathgate
-
Data sovereignty a growing priority for UK enterprises
News Many firms view data sovereignty as simply a compliance issue
By Emma Woollacott
-
Elevating compliance standards for MSPs in 2025
Industry Insights The security landscape is set to change significantly in the years to come with new regulations coming into effect next year, here's how the channel needs to adapt
By Ross Brewer
-
How ready is your company for NIS2?
Supported Content The EU’s latest cybersecurity legislation raises the stakes for enterprises and IT leaders - and ensuring compliance can be a daunting task
By Ross Kelly
-
Forcing Apple to allow alternative app stores might cause major security risks
Analysis Apple will be forced to allow third-party marketplaces on its devices, but some experts have raised serious security concerns
By Solomon Klappholz
-
Top data security trends
Whitepaper Must-have tools for your data security toolkit
By ITPro
-
Why bolstering your security capabilities is critical ahead of NIS2
NIS2 regulations will bolster cyber resilience in key industries as well as improving multi-agency responses to data breaches
By ITPro
-
Conquering technology risk in banking
Whitepaper Five ways leaders can transform technology risk into advantage
By ITPro
-
Advancing your risk management maturity
Whitepaper A roadmap to effective governance and increase resilience
By ITPro