GDPR and its impact on cloud systems
With the increasing use of cloud services over the past few years, it is not only the integration and adoption of cloud technology that raises challenges for organisations, but also the question of how they can achieve GDPR compliance when using the cloud.
Let’s look at the main challenges:
One of the key challenges of cloud computing is the management of confidential information. To ensure data security, companies need to know where their data is stored, how it can be transferred and how they can access their own data. Determining the applicable law is also a key element of GDPR compliance. Within the EU, physical location is the decisive factor in determining which data protection rules apply. This challenge is made greater by the volatility of data in the cloud: data may be regularly moved from one location to another or stored in multiple locations at the same time. Determining the applicable law therefore requires great care and attention.
Other cloud-specific GDPR challenges also exist, such as efficient data storage in the cloud. Under the GDPR, personal data should not be stored for longer than necessary for a predefined purpose. Retention periods should therefore be defined for each purpose, and it should be possible to effectively delete data at the end of those periods.
The next challenge is data portability for the controller. The controller should be able to retrieve the data from the system in a structured, commonly used and machine-readable format and make it available to the data subject it belongs to or to another controller. It is also essential that the company concludes agreements with the relevant cloud service providers to this effect.
Privacy is also a key element. Businesses, as data controllers, generally have no control over the cloud service provider's environment, so it is always necessary to assess the extent to which the provider can meet the company's IT security requirements. This can be done by assessing which IT security and data protection measures or certifications the provider has in place, or through the company's third-party risk management process.
Risk management is also essential. The company's risk management policy should cover cloud service providers, and agreements with them should include the right to audit. It is also recommended to find out which types of metadata the cloud service provider collects and how that metadata is handled.
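As an added example (not code from the article), the following Python model shows how the two preceding requirements, purpose-bound retention with deletion at expiry and a portability export in a structured, machine-readable format, can be expressed in code. The processing purposes, retention periods, record schema and sample records are all assumed and constructed for illustration.

```python
"""Added example: purpose-bound retention and a portability export.

Not from the original article. The purposes, retention periods and
sample records below are assumed/constructed for illustration only.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import json

# Assumed retention periods per processing purpose. A record whose purpose
# has no entry here cannot be stored at all: a retention period must be
# defined before personal data is collected.
RETENTION = {
    "order_fulfilment": timedelta(days=365),
    "newsletter": timedelta(days=30),
}


@dataclass
class Record:
    subject_id: str       # the data subject the record belongs to
    purpose: str          # the predefined purpose it was collected for
    collected_at: datetime
    data: dict


class PersonalDataStore:
    def __init__(self, retention=RETENTION):
        self.retention = retention
        self.records = []
        self.deletion_log = []  # (subject_id, purpose, deleted_at) for accountability

    def add(self, subject_id, purpose, data, collected_at):
        """Store a record only if a retention period exists for its purpose."""
        if purpose not in self.retention:
            raise ValueError(f"no retention period defined for purpose {purpose!r}")
        self.records.append(Record(subject_id, purpose, collected_at, data))

    def expired(self, now):
        """Records whose retention period has elapsed as of `now`."""
        return [r for r in self.records
                if now >= r.collected_at + self.retention[r.purpose]]

    def purge(self, now):
        """Delete every expired record and return the number deleted."""
        gone = self.expired(now)
        gone_ids = {id(r) for r in gone}  # identity, so equal-looking records are distinct
        self.records = [r for r in self.records if id(r) not in gone_ids]
        for r in gone:
            self.deletion_log.append((r.subject_id, r.purpose, now.isoformat()))
        return len(gone)

    def export_subject(self, subject_id):
        """Portability export: one subject's remaining records as JSON."""
        items = [{"purpose": r.purpose,
                  "collected_at": r.collected_at.isoformat(),
                  "data": r.data}
                 for r in self.records if r.subject_id == subject_id]
        return json.dumps({"subject_id": subject_id, "records": items}, sort_keys=True)


def run_demo():
    """Constructed scenario: two records past retention, one still live."""
    utc = timezone.utc
    store = PersonalDataStore()
    store.add("alice", "order_fulfilment", {"order": "A-1"},
              datetime(2023, 1, 1, tzinfo=utc))   # expires 2024-01-01
    store.add("alice", "newsletter", {"email": "alice@example.invalid"},
              datetime(2024, 5, 15, tzinfo=utc))  # expires 2024-06-14
    store.add("bob", "newsletter", {"email": "bob@example.invalid"},
              datetime(2024, 4, 1, tzinfo=utc))   # expires 2024-05-01
    now = datetime(2024, 6, 1, tzinfo=utc)
    purged = store.purge(now)
    export = json.loads(store.export_subject("alice"))
    return {"purged": purged, "remaining": len(store.records),
            "deletions": len(store.deletion_log), "export": export}


if __name__ == "__main__":
    print(run_demo())
```

Tying retention to the purpose rather than to the record type is what makes the "no longer than necessary for a predefined purpose" rule enforceable: the same data collected for two purposes can have two different expiry dates, and data with no declared purpose is refused at write time rather than lingering indefinitely. The deletion log records that a deletion happened without retaining the deleted data itself.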