The information technology community has been talking about the pending EU General Data Protection Regulation (GDPR) for some time now. The GDPR is the European Commission’s pending data privacy law that will levy penalties of up to 5 percent of a company’s global turnover and supersede all existing legislation.
It provides a single set of data collection, storage and use regulations for all companies to abide by. This infographic from the European Commission nicely summarizes the GDPR, though it makes claims about its benefits to business that some are skeptical about.
What should businesses look out for when it comes to compliance in the cloud concerning the impending GDPR?
According to a report by Gartner, the worldwide public cloud services market is predicted to grow by 18% in 2017. And while there is no doubt that public cloud offers businesses a range of different benefits, with legislation such as the General Data Protection Regulation (GDPR) on the horizon the question many organisations should be asking is, ‘am I GDPR compliant in the cloud?’
How will the GDPR change cloud computing? What are the general privacy challenges and the GDPR-specific challenges to anticipate?
More and more enterprises are moving to the cloud. This can have big advantages for an enterprise: it allows for better optimization of IT resources, because cloud solutions offer almost unlimited scalability and great flexibility, all at a contained cost.
With the use of cloud services, challenges for enterprises will arise. Some are general privacy challenges of cloud computing; others are specific to the GDPR.
When it comes to the GDPR, using a cloud service does not absolve you from responsibilities regarding personal data. Indeed, the adage ‘your data, your responsibility’ still holds true. With IaaS, you share some of the security responsibility with the provider, and the provider’s share increases on a sliding scale through PaaS and SaaS. Ultimately though, what you do with personal data is your call, so it’s up to your business to do the groundwork on GDPR compliance, even if you do pay to get some expert help.
It is almost inevitable to start with GDPR and cloud, as cloud computing is so widely adopted and is still the foundation for many digital transformation initiatives.
If your enterprise is using cloud service providers, it is necessary to have a good overview of your data lineage. You want to know where the data is stored, how it can be transferred and what access possibilities you have to your own data. The location of your data is important in determining the applicable law.