More than 75 per cent of cloud apps across the European Union (EU) do not have the fundamental capabilities needed to achieve compliance under the proposed EU General Data Protection Regulation (GDPR).
That is the main finding of a new study conducted by American software firm Netskope, which claims that failings are particularly prevalent in areas such as deleting personal data in a timely manner and requirements relating to the violation of data portability.
Some 22,000 cloud apps used in the EU were tracked by Netskope, which then ranked each one with a rating between one and 100 in terms of how ready they were to adhere to the terms of GDPR.
It found that just under 28 per cent of cloud apps were deemed unfit for the new legislation, which will become compulsory by May 2018 and will aim to give individuals across the EU greater levels of control over their personal data, while also helping to simplify the privacy regulatory environment through standardisation.
A number of changes are expected to be made on the back of the new measures, including the requirement for companies responsible for processing sensitive data at scale to internally ensure they are compliant with regulations.
Firms will also be legally required to inform both national authorities and their customers of a breach within 72 hours of it occurring.
It also aims to give greater control over what data can be collected, while ensuring companies abide by the “right to be forgotten ruling”, which has been an EU practice since 2006 and requires data collectors to remove information that is “inaccurate, inadequate, irrelevant or no longer relevant.”
Another face set to be included in the GDPR regards the ease of portability, with companies soon to be obligated to more precisely provide how customer data is being used, along with taking steps to enable "data portability" in order to enable easy movement of information between one service provider to another.
When examining how ready companies were for the new measures, Netskope found that nearly half (48 per cent) were deemed as being 'somewhat' ready, while only 25 per cent were found to be completely prepared.
The results will come as a concern for many businesses, many of which have already adopted mobile and cloud strategies.
The movement to the cloud is already creating greater complexity for companies, many of which are having to deal with increased security challenges, before they even try to think about GDPR compliance.
However, they will have to ensure they can get their cloud apps up to scratch, or else face potential fines of either $22 million or four per cent of global turnover, whichever is higher.