Never forget the EU is run by lobbies by design. So usually those scary regulations are not what they seem to be.
Here is what happened in most corporations when GDPR came out:
- A new Chief Privacy Officer would be appointed,
- A series of studies would be conducted by big consulting firms with a review of all processes and data flow across the organisation,
- After many meetings they would conclude that a move to the cloud (one of the big ones) is the best and safest approach. The Chief Privacy and Legal Officer would put their stamp on it with some reservations,
- This would usually accelerate a lot of outsourcing and/or workforce reduction in IT,
- Bonus if a big "data governance" platform is bought and half implemented.
> Here is what happened in most corporations when GDPR came out
Do you have a source on that, or is this what you feel like may have happened? The move to the cloud was in full swing way before GDPR came out in 2016 and got enacted in 2018. Same for outsourcing.
I can assure you I have witnessed it in dozens of organisations and have been involved.
In terms of timeline I can tell you:
- by 2012 I already heard about that regulation but only knew it was gonna be about data protection. At that time some "Big tech" lobbying groups were already organising events in Brussels raising awareness about how important data privacy and protection are. I have been to some of those events and I even witnessed very heated exchanges between some EU people and lobbyists about that.
Proof is a lot of people knew way before that time.
- by 2014 many big corporations were already preparing for GDPR, big budgets had already been validated. At that time they already knew it would be at least reasonably disruptive and they had to start early to prepare.
Also remember before 2014 "Windows Azure" (what would become the most successful cloud for most European corporations) was absolutely not ready as an enterprise product.
So those are not Silicon Valley startups on AWS since 2006, for many decision makers in those big corporations the GDPR upcoming problem predates the cloud solution.
“Where processing is to be carried out on behalf of a controller, the controller shall use only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of this Regulation and ensure the protection of the rights of the data subject.”
Yes but here is the trick: when those companies found out their old applications had to be changed and legacy code had to be rewritten it was cheaper to move to the cloud/SaaS that is supposedly GDPR compliant.