Cloud Computing

Being Cloud Smart about the EU Data Act legislation

VMware talks a lot about being Cloud Smart and how all organizations of all sizes need to consider their current and future cloud strategy to include multi-cloud and hybrid cloud solutions. But being Cloud Smart is more than that. Consider your investments in your business today and what they will look like in 5 years. A lot can change in 5 years, and a lot will. 

The Cloud market is bouncing back for investors and faith in the industry, at this time being driven by AI and the promise of slicker solutions to optimize and make your business more competitive. It is a significant time to consider the impacts of your decisions and, particularly, if you are in the EU, your data.

Sovereignty is not a new concept but is evolving and aligns to a Cloud Smart approach. You must consider 3 pieces of upcoming legislation when looking at how your organization can pivot to use AI and cloud for optimization and competitive advantage. 

The Data Act. This has been in the works for some time, going back to the Data Protection Directive in 1995 for personal data and the processing of protected data of EU citizens. The Data Protection Supervisor in 2001 with policies and regulations of compliance, then the following Treaty of Lisbon in 2007 when data protection was first chartered as a fundamental right for EU citizens. Lastly, the one we have all heard of ,GDPR in 2016, the impacts of this are still very current in the processing of EU citizen data. Progressing from this is the Data Act, which recognizes that data and data about data (metadata), including the secure exchange of sovereign data, is the next frontier for legislation as Commissioner Thierry Briton seeks to further an EU Digital Economy

The Data Act can be considered a GDPR “+” and will have far-reaching impacts on organizations of all sizes when passed (expected to be finalized in 2023 and expected to be enforced in 2024). Unlocking the digital economy securely will ensure the EU’s dominance in future markets and is the correct approach to take, considering our accelerated computing world. 

Continuing GDPR, all data should be accessible by design and secured by 3rd party contracts to provide consistent transparency of where and how user data is processed. The Data Act promises to safeguard from unlawful data transfers and government access without notification, facilitate a fast cloud switching capability and deliver on cloud interoperability standards. These are epic changes to the Cloud Chaos situation that most organizations are in today. 

How will this affect you and your business? Just like GDPR, there will be penalties for non-compliance and possibly reprimand or a complete ban on processing data. Considering your future Cloud tools and shiny AI solutions, you need to assess the data scope for these now, before this legislation is passed, and understand whether you will have any exposure that may mean a u-turn in your strategy and a considerable cost to your business. 

VMware’s Cloud Smart approach helps mitigate this. VMware believes that the right cloud should be used for the application and the data it processes. This means the right tools, data processing, transparency, and compliance are within your cloud strategy’s scope. VMware already has multi-cloud, and fast cloud switching is included in the VMware software capabilities and scope. However, your data is your responsibility, no one can wave a magic wand and make this change, but you can rely on VMware Sovereign Cloud Service Providers to assist you with understanding the nature of the data, the classification of the data, and therefore the Sovereign controls and auditing that needs to be in place to secure your data and align to regulation.