Skip to main content

Lack of legal training could be putting IT departments at risk

(Image credit: Image Credit: StartupStockPhotos / Pixabay)

A lack of knowledge and understanding of various laws and regulations surrounding data protection practices could put IT departments at risk, and their data in the hands of foreign governments.

A new report by IONOS polling 500 IT decision-makers in the UK says that 44 per cent don’t have a comprehensive understanding of the US CLOUD Act.

Under the US CLOUD Act, and the CLOUD Act agreement signed between the US and the UK half a year ago, US law enforcement agencies can, legally, request access to data stored by most major cloud providers, including US cloud hosting providers, regardless of the location of the data and irrespective of GDPR rules.

At the same time, 92 per cent claim to now have a “comprehensive understanding” of the EU regulation, now that GDPRis in full swing.

Achim Weiss, IONOS’ CEO, says IT decision-makers are being kept under pressure with the “constantly evolving data security landscape”.

“The US CLOUD Act adds another layer of potential misunderstanding for those hosting with US cloud providers. The only option to immediately minimise risk for EU businesses is to choose European providers that only follow GDPR,” he says

According to Weiss, there is a “clear inconsistency” between businesses that prioritise data privacy and security, and the reality. He believes ITDMs need more education about storage best practices and need to share it with their peers.