EU General Data Protection Regulation to Create $3.5 Billion Market Opportunity for Security and Storage Vendors – IDC

A substantial opportunity for security and storage software vendors will be created by incoming EU data protection regulations, with a total market opportunity of $3.5 billion, according to a new report by International Data Corporation.

The severity of fines, coupled with the substantial changes in scope, will drive enterprises to shake up their data protection practices, seeking the assistance of new technologies to assist with compliance, says the report.

The General Data Protection Regulation (GDPR) is a new piece of EU legislation that is likely to be agreed in early 2016.

“GDPR changes the game for any company dealing in the personal data of EU citizens,” said Duncan Brown, research director, European security, IDC. “Firms will struggle to be compliant within two years without the assistance of technology, and so we expect a major boost to security and storage sales in areas supporting compliance.“

IDC predicts that the opportunity for security software from GDPR-related concerns will be $811 million in 2016, rising to $1.8 billion by 2019. GDPR-related storage software will grow from $258 million in 2016 to $1.7 billion in 2019.

IDC is generally in favor of the measures introduced by GDPR. It unifies data protection legislation across all 28 countries of the EU, simplifying processes and legal obligations for any country dealing with more than one EU state. However, the scope of GDPR substantially increases the obligations on firms dealing with EU citizens’ personal data. The penalties for non-compliance are substantial, the primary effect of which will be to raise data protection as a business risk directly into the boardroom.

“We saw the impact of the judgement to render Safe Harbor invalid on cloud service providers, both in the EU and the U.S. GDPR will have a substantially larger impact on all firms in, or doing business with, the EU,” said Brown. “GDPR creates compliance challenges for many companies, and security and storage technology form a large part of the solution.”

The single EU-wide regulation removes the complexities businesses currently face around complying with multiple local data protection regulations in Europe. It also makes the European data protection regulation fit and relevant to the new cloud, mobile, social, and collaborative era of business, and removes barriers to market entry.

When the final text is agreed by all decision-making parties, there will be a period of 24 months before the regulation comes into force. This gives everyone two years to introduce the processes and, if necessary, technologies in order to become compliant.

While GDPR introduces important new obligations on some technology providers – cloud service providers, for example – IDC believes that it opens up a multitude of opportunities for vendors in security and storage. As the regulation is likely to be agreed by early 2016 the transition period of two years (from agreement to implementation) will see a flurry of technology adoption as enterprises scramble to achieve compliance.

Vendors seeking to capitalize on this window of opportunity should remember that customers will want distinct capability to meet the specific terms of GDPR. Simply branding products as GDPR-ready is unlikely to be sufficient or credible.

Importantly, IDC thinks that vendors and end-user organizations are waiting until the final agreed text of GDPR is formalized. This is shortsighted: the devil of GDPR is not in the detail. The broad direction and importance of GDPR is well understood and agreed by all legislative parties. While some uncertainties remain, it is quite clear that GDPR will happen, the timescale is broadly set, and the main areas of scope are well defined. Vendors need to move now to have their go-to-market strategies and product capability available as demand grows swiftly in 2016. End-user organizations can start by mapping out and classifying their business data without reference to the detailed text.

The report, EU Data Protection Reform Will Drive Growth in European Security and Storage Markets (IDC #ESS02X, October 2015), is available to purchase at $3,500.