Late this week I flew to Scottsdale, Arizona to participate in another very solid CDM Media CIO event, entitled the “CIO Cloud Summit.” While I will draft a separate research communication summarizing some of the key takeaways from this event, I had a interesting side conservation with one of the delegates – Drew Simonis (Information Security Officer at Willis Holdings – one of the largest insurance brokers globally) – who was kind enough to share some links to a leaked set of draft EU documents that will eventually help shape where EU data privacy law will go over the next three years, as the EU puts in place a new set of regulations to standardize what is today a wide range (and often chaotic set) of country-specific policies and practices.

Recently we published a premium research deliverable in our CRS-Base subscription service (“A Brief Look at Data Privacy Concerns and Enterprise Cloud Migration,” – if not a Saugatuck subscriber, click here to purchase and download) that details some of the issues. This was a follow-up to a business trip to Germany that I took in late October, where I had the opportunity to meet with a number of IT leaders in the metro Frankfurt area, including the CIO of R+V Versicherungen (huge Insurance provider), the CTO of HZD (service provider for State of Hessen), and a VP and CIO at Deutsche Bank AG (retail division) – as well as senior business and technology leaders at T-Systems and Software AG.

While each meeting had its own focus and rhythm, what they all shared in common was a discussion around how best to navigate the current EU- and Germany-specific data privacy laws (detailed in the Saugatuck Strategic Perspective noted above). Following our return, Olaf Schnapauff, Director of Enterprise Architecture at T-Systems, along with some of his colleagues, was kind enough to help us better understand some of the intricacies and history in these regards via a conference call.

We encourage our readers to read the following article posted on 06Dec2011 that summarizes some of the new legal framework vis-à-vis protection of personal data in the European Economic area, that will ultimately drive new EU-wide regulation by 2014 (after public comment and updates):

http://www.itlawgroup.com/resources/articles/229-proposed-data-protection-regulation-unveiled-by-eu-commission.html

For those who want to dig deeper, here’s another interesting link to read that provides insight and analysis of the proposed regulations, as published earlier today by the UK-based Register:

http://www.theregister.co.uk/2011/12/09/draft_data_protection_leak_unlikely_to_be_enacted_in_current_form/

While we still have several years to go before we will ultimately see a European-wide set of data privacy standards – as there are a number of important issues that need to be fleshed out and evolved (including revenue-based penalties, which appear overly harsh in my opinion) – clearly this is a step in the right direction to help ensure that the EU continues to remain competitive as we march forward in a Cloud-enabled global economy. 

This blog originally appeared at Saugatuck Lens360.