Two-thirds of chief executives in the Grand Duchy are planning to invest in cloud computing and additional technologies over the next 12 months, says the latest PwC Luxembourg CEO Survey Report 2023*. This change is to a large extent due to businesses as well as EU and local regulators having had their eyes opened during the pandemic to the flexibility, security and robustness of online IT systems.
“There is more to implementing cloud solutions than the IT and business organisational challenges, as there are also numerous legal and regulatory considerations,” said Mr Witz, Technology Partner and Digital Leader with PwC S.C. “Patrice’s teams are in charge of the operational and transformational side of these projects, while we handle the legal side, with us working together to ensure coherence in transversal challenges,” added Ms Rustichelli, the head of the Technologies & IP department of PwC Legal Luxembourg.
There is more to implementing cloud solutions than the IT and business organisational challenges, as there are also numerous legal and regulatory considerations
“These legal challenges are considerable, and need to be assessed before planning can begin on achieving an efficient business solution,” she said. What are the regulatory and GDPR risks? How should these processes be monitored and audited? Does all the data have to be stored and processed in Luxembourg? These are just some of the questions that need to be asked.
Hybrid systems that combine on premises with cloud capability are often needed to manage these competing demands. Mr Witz recommends using cloud native technologies, designs and standards when developing new products and applications as these allow for portability and rapid modification. “Coupled with a hybrid integration strategy this enables companies to keep control over what moves in the cloud and what stays on prem – connecting disparate systems while offering flexibility and scalability to the organisation,” he said.
From a data and operational standpoint, Mr Witz highlights the need to identify critical process when setting strategy. “Customer facing applications, HR systems, videoconferencing and the like are all highly important, but they are often not core business production systems,” he said. The non-core activities are ripe for cloud migration, but increasingly core functions are strong candidates for being deployed on the Cloud.
An eye also has to be kept on cost, as this can spiral when building cloud environments. “Cost management measures need to be implemented with shared responsibility for technology costs,” said Mr Witz. Alongside this are the upskilling requirements for the workforce, featuring communication about the benefits, as well as the implications for legal and regulatory consideration, data protection, procurement and so on. Ideally the Cloud Center of Excellence which will perform the cloud transformation project will also be integrated into business functions as it becomes a standard platform.
More specifically on the regulatory challenges, as well as the requirements of the GDPR there is the advent of the EU’s DORA (Digital Operational Resilience Act) which is a compliance standard destined for financial institutions coming into effect in January 2025. Dora will feature rules on ICT risk management, incident reporting, operational resilience testing, and ICT third-party risk monitoring.
“We are also seeing the rise of national data sovereignty laws and regulations,” said Ms Rustichelli. She pointed to Germany’s new Privacy Act and the French SecNumCloud certification scheme aligned with GDPR and ISO 27001. “Operations, data processing, data transfers, data residency and more all need consideration in the light of these changes with notions of data sovereignty integrated into cloud strategies,” she noted.
We are also seeing the rise of national data sovereignty laws and regulations,
“A key point for all decision makers to understand is that cloud is a business enabler, it’s not an IT enabler,” said Mr Witz. “It is central that throughout the organisation, people understand the potential for business improvements that this can bring.” Cloud strategy needs to incorporate these opportunities in the round.
Find more information .