Insight and analysis on the data center space from industry thought leaders.

Why New EU Data Laws Make IT Departments Lose Sleep

IT departments are bracing for a shortage of cyber security experts and rising costs for software and equipment necessary for compliance

Industry Perspectives

April 14, 2015

5 Min Read
Why New EU Data Laws Make IT Departments Lose Sleep

Bethany Trenbath is part of the marketing team at Quantic UK, a specialist in freelancer and contractor accounting.

Plans to update the EU’s cyber security legislation appear to be causing a great deal of anxiety across the continent.

Specifically, it’s the Network and Information Security (NIS) Directive and General Data Protection Regulation (GDPR) - expected to be in force within two to three years - that have left many governing bodies and businesses feeling a little uneasy. Once applied, the NIS Directive will force more private sector companies to abide by new security and incident reporting requirements, while GDPR with tighten up the protection of individuals’ personal data.

Although there are still many aspects of both proposed laws to be tied up, a recent study conducted by IDG Connect on behalf of FireEye suggested that many IT experts in the UK, France and Germany are worried about the impending reforms from both a cost and compliance point of view. The research indicated that 64 percent of respondents are most concerned about the amount of investment into new hardware and software that will be needed to ensure they are following the new laws. Fifty-eight percent also cited implementation costs as a major obstacle, while 56 percent felt that bringing their organization in line with these legislative changes will be a complex process.

IT Departments Bear the Brunt

Not surprisingly, the IDG Connect/FireEye report showed that IT departments are expected to bear the brunt of the NIS/GDPR changes, with 62 percent of respondents predicting that it will be up to in-house technology specialists to ensure their companies avoid hefty fines for non-compliance.

Of course, many businesses will require the support of third-party experts in order to bring them in line with the EU’s reforms. At Quantic UK, we work closely with IT contractors in Britain, and we’ve seen first-hand that the demand for cyber security specialists has risen sharply in recent years, which begs the question: Is there enough talent to go around?

Those who follow the latest hiring updates from the Recruitment and Employment Confederation and KPMG will know that the clamour for IT freelancers has intensified over the past 18 months or so, and this trend is likely to become even more apparent in the coming years. Obviously, qualified contractors who do possess the necessary cyber security experience will be well aware that their skills are in high demand, and will ramp up their rates accordingly. This is something that businesses in the UK and throughout the rest of Europe will have to get used to.

Do Migration Laws Need to be Relaxed?

With European talent pools being stretched to the limit, it’s no surprise that many businesses are keen to bringing in skilled contractors from other parts of the world.

While the free movement of workers within the EU has helped the situation, there is a strong argument for migration laws to be relaxed so that experienced cyber security experts from across the globe find it easier to secure work in Europe. In one of our recent blog posts, Quantic UK explained how a similar situation has developed in the US, where 100 leading technology executives lobbied President Obama for more flexible immigration laws. They felt that existing legislation should be relaxed in certain cases so that businesses would be able to cherry-pick the best talent from IT hubs such as the Far East.

It remains to be seen whether the EU will be open to such suggestions.

Focusing Your Attention

In short, businesses in every EU member state will be battling each other for the best IT talent in the coming years.

The intricacies of the EU’s impending data protection reforms are still slightly ambiguous, but it’s likely that companies will be required to appoint a data protection officer (DPO). Some countries are already ahead of the game, as this article by suggests. While the UK and France have not embraced the DPO system yet, it is already up and running in Germany, where contracts between companies and external DPOs must carry a minimum termination period of six months.

It should not surprise anyone that Germany is demonstrating a forward-thinking, proactive attitude toward data protection, and it’s likely to be the first port of call for many EU-based IT experts looking for new opportunities.

Outside of the usual suspects - economic heavyweights such as the UK, France and Germany - data security experts might find plenty of lucrative opportunities in Eastern Europe. More businesses in Western Europe are now outsourcing parts of their organizations to nations in the East, a process that has been labeled “nearshoring”. This article by Computer Weekly showed that more IT companies are moving work to Eastern Europe, particularly to countries that are governed by the EU’s data protection laws.

What Will Happen Next?

It’s clear that some countries are better prepared for the EU’s proposed data protection reforms than others.

Companies are rightly concerned about the threat of huge sanctions for failing to abide by the laws, and there’s an overriding sense that Europe doesn’t currently have enough skilled cyber security experts to satisfy demand. It wouldn’t surprise us to see EU decision makers being put under more pressure to relax immigration laws so that businesses will find it easier to fish in talent pools in other parts of the world.

In the meantime, EU-based IT contractors that do have the required skills to help businesses fall in line with NIS and GDPR are likely to be extremely busy in the next two to three years.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like