The induction of the General Data Protection Regulation, on 25 May 2018, has considerable implications. These consequences apply to any company all over the globe that is concerned with the processing of private data related to folks who live in the EU.
When it comes to Cloud apps, GDPR applies to both the data manager that uses the Cloud Application and the third-party that offers the access to the Cloud. It appears that many providers are not aware of how GDPR influences them, or if they are, they are not doing sufficient about it.
Commvault recently carried out a survey. The results indicated that just about 12% of the 177 international IT companies asked were aware of how GDPR would influence them. Obviously, this situation must be addressed, if these businesses are to evade large fines, should they be found to be non-compliant with GDPR.
The Importance of Secrecy by Design
Arguably, the most significant thing for Cloud providers as well as users to be aware of, regarding GDPR compliance, is the idea of privacy by design. What this implies, concerning data processing in the Cloud, is that data must be safe as it moves through every part of the handling procedure. Obviously, companies must examine every feature of the way that they handle data. Cloud use is no different.
The most efficient way to make sure privacy by design is to check the data that is held, as well as examine procedures that are set up. Doing these assists companies to find any shortcomings in Cloud Applications, and make certain that they are tackled. It’s a good suggestion to use Data Privacy Impact Assessments (DPIAs) to assist identify dangers and impacts, particularly when the processing of confidential personal data is concerned.
It is important that both data managers that use Cloud App, and third-party Cloud Application suppliers perform the work provided to make sure compliance, as they can both be held answerable for any problems that occur.