State Of Enterprise IT 2018

The evolution of IT

GDPR

By Chloe Byrne, Senior Project Manager

We’ve done a lot of client research about the EU’s forthcoming General Data Protection Regulation over the past eighteen months. Often we’ve found that enterprises know they’ll have to be compliant, but there’s a general uncertainty over what this means.

It’s definitely having an effect on what IT decision makers are doing. This year, ensuring IT meets regulatory compliance is their second most likely key priority, just behind managing the IT infrastructure. It’s ahead of strategic activity, recruitment, and ensuring data accessibility. 62% also say that making their organisation more data compliant is a key driver for the IT department’s spend.

How will enterprises become compliant? One problem to solve is the use of cloud computing via shadow IT, in particular how the IT department can monitor and ensure compliance of data being put into cloud services which are created and maintained without IT’s involvement. The research shows that many departments other than IT are commissioning their own cloud services, which potentially means that the organisation’s central IT function can’t necessarily tell whether data held on those services is GDPR compliant. Our respondents know this, and 54% say that moving from cloud back to on-premise solutions would make GDPR compliance much easier.

But this is wishful thinking. IT decision makers say that an average of 47% of their organisation’s data is stored in the cloud right now, and this is estimated to increase to 56% in twelve months’ time. In fact, two-thirds say that more data will be moving to the cloud over the next year.

The benefits of cloud, for the moment, outweigh the regulatory headache. Now that so many individual departments are commissioning their own cloud services, it simply might be that the IT department can’t restrict the use of cloud even if they wanted to. That’s a big compliance problem which might be impossible for IT to solve alone.

What impact will digital trends have on the GDPR?

Our main report shows that most organisations are investigating nearly all digital trends like the Internet of Things, blockchain, and AI. Many are now at the stage where they’re actively investing or even implementing those technologies.

We asked the IT decision makers in our research what impact these trends will have on their organisations’ GDPR compliance, but the results are very murky. The most popular answer for each trend is usually either that it will have no impact on the GDPR, or that it will make GDPR compliance more complex. Most agree that it will make things either easier or harder. And for each trend, an average of one in seven respondents told us they just don’t know.

Many areas of the business are making spend and strategic decisions on technology, and we believe this suggests that it is other areas of the business that are evaluating and implementing these trends. The uncertain data here is a reflection of the IT department not being deeply involved: they don’t know because they’ve not seen the details, and are making educated guesses.

If there’s one thing that’s characterised discussion about the GDPR over the last year, ‘educated guesses’ would be it. Most commentators aren’t sure how severely organisations will be impacted by the GDPR as they are right now, let alone after adopting digital trends that are only just emerging. The responses here are a reflection of that: IT decision makers sometimes know in detail how each will affect GDPR compliance, and sometimes they don’t.

Looking at the data, IT decision makers are most likely to have opinions on how the Internet of Things and hybrid cloud will impact on their GDPR compliance. This is likely to be a result of these two being digital trends that the IT department is involved with. Respondents also tell us that the Internet of Things is the trend that’s most likely to have the potential to disrupt their organisation over the next year, so they likely understand it in more detail than the other trends.

Regardless, much like the continuing adoption of cloud computing, enterprises will continue to investigate and adopt these trends. It’ll likely be up to the IT department to figure out how to make sure their adoption is GDPR compliant, and they’re far from certain how difficult that will be.
