Shadow IT and cloud risk analysis
Awareness of your ‘shadow IT’ is the first step towards GDPR compliance and handling your unknown risks.
Enfo has tools, methods and expertise to assist you in taking control and maintaining your ability to comply with the GDPR over time. The first step on the road is the cloud risk analysis, which will provide you with understanding and a concrete action plan for the future.

The wave of digitalisation entails dramatic changes for organisations both now and in the future. One example is the explosive growth in cloud applications. According to the Netskope EMEA Cloud Report for September 2016, an average organisation in Europe uses 824 cloud applications. Findings from analyses of Swedish organisations show that the number of cloud applications is generally over 1,000 per organisation.

A large proportion of cloud usage is currently hidden from the organisation’s IT department, as many of these services are free of charge or financed through personal spending by the user. This hidden usage, also known as ‘shadow IT’, means that data is moved and stored in various cloud applications which expose the organisation to great risks in the form of legal infringements and loss of sensitive information.

The EU’s new General Data Protection Regulation (GDPR)

To enhance the protection of personal data for its citizens, the EU has produced a Regulation, encompassing 28 States, which replaces the existing Personal Data Act (PuL) in Sweden. The Regulation enters into force in full on 25 May 2018 but is already applicable today. In brief, it provides that organisations processing personal data bear a great responsibility to take the necessary security measures, and need to guarantee that personal data will be treated as confidential. Heavy fines of up to 4% of the organisation’s annual revenue or EUR 20 million may be imposed on anyone who fails to comply with the Regulation.

One of the most underrated challenges to compliance with the Regulation over time is the unstructured use of cloud applications, and hence also the risk that users within the organisation could share personal data and company-sensitive information outside the direct control of the organisation.

Enfo can help organisations to achieve the goal of being ‘GDPR compliant’ and to handle compliance with the Regulation in a structured, economically viable and effective manner over time. With our simple method, which is designed to provide insight into the increasing use of the cloud (shadow IT), we can help you to achieve the goal of GDPR compliance.

The first step on this road is a cloud risk analysis. We use a market-proven solution to conduct a data-driven analysis of the cloud applications in use in your organisation. We then apply our own experience and knowledge of how the volume of data should be interpreted and what priorities should be set, and suggest a recommended way forward (a roadmap) with a clear next step on the way to a complete management model for GDPR compliance.


Erik Brügge

EVP, Sales


+46 774 404 400
