The General Data Protection Regulations or GDPR came into force in April 2016. Some people think they are a thorn in the side of cloud providers, but I beg to differ. I regard these regulations as an aid rather than a threat to investment in the cloud.
In essence, the GDPR define the rules that apply to using and processing personal data of EU residents. They also apply to companies without an office or branch in the EU and irrespective of the context (private, public or commercial). Only the police and intelligence services can claim certain exemptions.
The GDPR therefore create a harmonised legislative framework for data protection within the European Union. And that makes the rules of engagement simpler for both European and non-European organisations. If you fail to comply, you risk heavy sanctions.
The new European regulations use five basic principles:
The GDPR applies to your organisation, irrespective of whether you store your data within your own four walls or in the cloud. What are the specific implications?
But what about the cloud? Some time ago I spoke about Pizza-as-a-Service as a way of comparing the various cloud models. Today we are updating this recipe and baking a secured pizza.
Certain responsibilities will lie with you or your cloud provider depending on the cloud service you choose. At the end of the day, ultimate responsibility for the data lies with you. But that doesn't mean that cloud providers have a get-out-of-jail-free card. They too have to take sufficient precautions to secure the data infrastructure properly.
The cloud can help you put the GDPR into practice. Various cloud services focus on information security.
Imagine your company sells a product containing an ingredient that is a commercial secret. You can encrypt this secret and only give the key to certain recipients. Then it no longer matters how you store your data. Even the most insecure infrastructure will do. Without the key, nobody can read it anyway.
Then make sure you watch the Xylos GDPR webinars. You will learn a hands-on approach to getting to grips with the GDPR rules in just two sessions.
This approach not only helps you map out the state of affairs in your organisation in a methodical way; Xylos also works on a strategy to help your organisation comply with the applicable legislation, based on its specific situation.