Effects of GDPR on Cloud Computing


Viewing 2 posts - 1 through 2 (of 2 total)
  • #2877

Every week, numerous for-profit and non-profit companies are migrating to the cloud. In the last ten years, millions of companies and other forms of organization have adopted cloud computing, and the trend is expected to continue.

Cloud computing offers businesses many benefits, such as improved optimization of Information Technology resources, because it provides unlimited scalability and tremendous flexibility at an affordable cost.

The primary objective of GDPR is to harmonize data protection law across the countries belonging to the European Union, allowing the implementation of standard laws concerning data protection and improving the legal position of the parties involved.

GDPR has brought the following major changes:

• The introduction of new duties regarding data protection.
• Strengthening people’s rights through information and transparency requirements.
• A sizable increase in the fines imposed on companies that do not comply with the laws.
• This regulation applies to all countries that collect information from European Union citizens, even if the organizations are based outside the EU.

GDPR effects on cloud computing companies
Besides the opportunities brought by GDPR, there are also challenges. An organization’s readiness for GDPR is indicated by its criteria for collecting data and its level of protection. Many organizations are subject to complex regulation. The organizational, legal, technical and financial challenges caused by the regulation have only been partially overcome.

The challenges brought by GDPR can be classified into two categories: general and specific challenges.

General challenges

One of the general challenges resulting from these regulations concerns the sensitivity of clients’ information. Cloud computing service providers host different types of information, such as classified information, which can accidentally fall into the hands of unauthorized people. The risk of information leakage arises when data storage and processing facilities are shared.

Determining the applicable law can be a challenge because it is hard to associate a specific data type with a particular geographical location in cloud computing. Since it is difficult to establish the physical location of data, it becomes hard to figure out the applicable laws.

Another challenge is the externalization of privacy. Companies that use cloud computing services normally expect the service providers to apply the privacy commitments agreed upon with users.

Specific challenges

GDPR indicates that personal information should only be stored up to a particular predetermined time and after a predefined purpose has been achieved. It is, however, difficult to follow this provision because data is stored in multiple jurisdictions, in several locations and by different service providers.

GDPR recommends that breach notification obligations and breach notification protocols be included in all data processing contracts established between cloud computing companies and clients. The procedures for notifying clients about breaches should be defined clearly. Unfortunately, some violations are made public even before the clients are informed.

Other specific challenges introduced by GDPR pertain to data security and privacy, data processing in locations outside the EU, the ownership of data, visibility into data minimization and metadata, data portability, risk management aspects, and privacy by design and architecture.

Mobile applications and GDPR compliance
Parties that fail to comply with GDPR face somewhat unreasonable fines. Since compliance is a must for companies with website visitors and customers in the EU, app development companies are doing their best to come up with GDPR-compliant apps.

It is crucial for all app development companies to understand the process involved in collecting, transferring, handling and storing users’ data. They should also establish ways to secure clients’ information and measures to improve data security in order to develop GDPR-compliant applications.

Any entity that stores or processes personal information concerning EU citizens within the European Union member states has to comply with GDPR. The various forms of data covered by the provision include sexual orientation, personally identifiable information (such as addresses, names, and social security numbers), political opinions, biometric and ethnic data, and health and genetic data.

Any company found breaking GDPR can be forced to pay 4% of its annual turnover or a higher value amounting to €20 million.
