NetApp

Cloud GDPR

Response SurveyEMEA Findings II

© 2017 NetApp, Inc. All rights reserved. 1

NetApp and Opinion Matters

April 2017

© 2017 NetApp, Inc. All rights reserved. 2

NetApp EMEA extends its cloud survey to the next level, to gauge

response towards General Data Protection Regulation (GDPR). The

survey was conducted across a database of 750 CIOs, IT Managers and

C-suite executives in France, Germany and the UK, to understand

attitudes towards cloud services, data needs and the level of awareness

and preparedness for incoming GDPR legislation.

This presentation summarizes the understanding

of GDPR and compliance among EMEA

businesses and their level of preparedness.

Introduction

© 2017 NetApp, Inc. All rights reserved. 3

Understanding the levelof awareness and concerns towards GDPR

© 2017 NetApp, Inc. All rights reserved. 4

What’s your level of awareness towards GDPR?

Awareness level within EMEA

12%

26%

52%

10%

15%

32%

41%

9%

17%

26%

48%

8%

15%

29%

47%

9%

I fully understandGDPR

I have a goodunderstanding of

GDPR

I have someunderstanding of

GDPR

I do not know whatGDPR is

EMEA DE FR UK

Majority of respondents have some

understanding of GDPR.

Germany has the highest number

of respondents with full

understanding of GDPR, followed

by France. UK has the lowest

awareness level.

With only a year until the GDPR

deadline, almost 10% of the base

respondents don’t know what

GDPR is.

© 2017 NetApp, Inc. All rights reserved.

5

Mirroring the low level of

awareness of GDPR among CIOs

and IT Managers in EMEA :

73% of base respondents say

they have at least some level of

concern about meeting the

GDPR deadline.

Concern level within EMEA

What is your level of concern about meeting the GDPR deadline?

27%

48%

21%

4%

31%

43%

20%

5%

27%

51%

19%

3%

24%

48%

24%

4%

I have no concerns aboutus meeting the GDPR

deadline and deliveringwhat is needed

I am slightly concernedabout us meeting theGDPR deadline and

delivering what is needed

I am concerned about usmeeting the GDPR

deadline and deliveringwhat is needed

I am extremely concernedabout us meeting theGDPR deadline and

delivering what is needed

EMEA DE FR UK

© 2017 NetApp, Inc. All rights reserved. 6

Who is responsible for your

business' data compliance?

© 2017 NetApp, Inc. All rights reserved. 7

Responses towards compliance responsibility

within EMEA

Who is responsible for your business’ data compliance?

51%

46%

37%

2%

43%

47%

40%

3%

53%

43%

36%

1%

58%

49%

35%

3%

With the company thatproduces the data

With any company thatprocesses the data

With third-party cloudproviders

I don't know

EMEA DE FR UK

Companies are struggling with the

responsibilities for compliance:

Half of EMEA respondents believe that

responsibility lies with the company

producing the data.

Less than half say responsibility for

compliancy lays with the company that

processes the data.

Over a third of EMEA respondents say

responsibility for their data lays with

third-party cloud providers.

© 2017 NetApp, Inc. All rights reserved. 8

What is your level of preparedness for GDPR regulation?

© 2017 NetApp, Inc. All rights reserved. 9

Level of preparedness within EMEA

Which of these statements best describe your level of preparedness for GDPR?

49%

35%

14%

2%

44%42%

11%

3%

53%

33%

12%

1%

50%

30%

18%

2%

We have made someGDPR preparations but

are not yet fully compliantwith the regulation

We have made all thenecessary GDPR

preparations and are fullycompliant with the

regulation

We have not yet made anypreparations

I don't know whatpreparations we need to

make to be compliant withthe regulation

EMEA DE FR UK

Preparations for GDPR are slow

moving, with more than a tenth of

respondents yet to make any

preparations at all.

Almost half of EMEA respondents

have made some preparations ahead

of the GDPR deadline.

Germany stands as the most prepared

nation, followed by France and then

UK.

Only a third of respondents across

EMEA say they are investing extra

funds in preparation for the GDPR

deadline.

Germany is the most prepared

region with over a quarter saying

they have already hired specific

personnel with data protection

expertise.

Impact of GDPR on business’ Cloud strategy within EMEA

© 2017 NetApp, Inc. All rights reserved.10

How does the GDPR and European data privacy legislation in general influence your cloud strategy?

50%

37%

25%

18%21%

6%

46%

33%

26%

15%

27%

6%

55%

40%

20%

14%

20%

6%

50%

38%

28%

24%

17%

5%

We will continue toinvest into public

cloud services andensure compliancewith data regulationrequirements like

GDPR

We are investingmore resources into

data regulationcompliance

We are consideringscaling back our

public cloud servicesinvestment

We have alreadystarted lowering ourpublic cloud services

investment

We have hiredspecific personnel

with expertise in dataprotection

We do not thinkGDPR has been or

will be a majorinfluence on ourcloud strategy

EMEA DE FR UK

© 2017 NetApp, Inc. All rights reserved. 11

What are your primary motivations for cloud adoption?

© 2017 NetApp, Inc. All rights reserved. 12

Primary motivation for cloud adoption within EMEA

What are your primary motivations for cloud adoption?

Only a good quarter regard

compliance with regulation

as a key motivation for cloud

adoption.

Over half regard security as

a motivation.

This highlights the fact that

businesses are still not

focused on the issue of

compliance – a crucial

element of GDPR.

Data in percentages

56 55 5452

48 4745

30 29 29

59 59

53

46

5148

53

38

33

29

57 56 57

61

53

47

41

28

3230

53

4952

50

40

47

39

2421

28

Security Flexibility Costsavings

Ease of use Reliability Scalability Dataprotection

Data privacy Access todata

Compliancewith dataregulation

EMEA DE FR UK

Thank you.