The rise of the economy has spiraled throughout the past several decades, creating an urgent need to account for the huge amounts of data and information. The forthcoming General Data Protection Legislation (GDPR) – passed by the European Commission – plans to help control this sprawl by strengthening and merging data protection for individuals inside the European Union (EU), and by addressing the export of personal data outside the EU as well.
The GDPR introduces steps to provide better management of data to consumers. This includes ensuring that the safety of personal data from many different resources, like employees, customers, and partners – focusing on everything from addresses to usernames and IP addresses.
While many individuals believe that their data must be held in the EU country where they live, that fact is that data can be stored anywhere — as long as its own collection and usage comply with regulations that are GDPR.
The May 2018 effective date of this GDPR is around the corner now behind us, with all European and non-European businesses active in the European Economic Area (EEA) affected. This has led organizations around the globe to invest time and tools to evaluate and ensure that they’re compliant with GDPR.
GDPR and the Cloud
What exactly does the GDPR mean for cloud-hosting service providers (CSPs) specifically? Previously, data-protection regulations applied to the organization or this individual that decides way and the purpose of processing data.
As “chips” rather than “controls” of their customers’ personal data, CSPs had not been held responsible for data breaches. This changes with GDRP. The GDRP expands the compliance duty to the “processor” of the data as well.
Data privacy challenges are creating more complicated by the fact that the geographical location of a data is not always readily determined. Within the EU, the physical location is an aspect. In other jurisdictions, other regulations may apply.
Since data can be saved in multiple places by CSPs, personal data might be saved outside the European Economic Area (EEA). If no adequacy decision was made about the nation measures should be obtained.
Tools and organizations have arisen to help businesses handle the complexity of complying with the GDPR.
The move to encourage GDPR necessitates cloud enterprises and providers to accommodate internal processes and policies requiring a significant amount of resources and work. Both firms and their cloud providers take all and risk need to be in compliance to be sure the GDPR functions.
The GDPR Compliance of cloudShare