GDPR and Cloud Services
In a previous blog on the General Data Protection Regulation (GDPR), I touched on cloud services, data ‘ownership’ and responsibilities, which prompted questions that I thought would be a good topic in this space.
If you are like many around the world, you’re looking into GDPR and finding you’ve got data in public clouds and/or you’re consuming ‘X as a Service’. How do you stand? What do you need to look at? Where does this leave your compliance plans?
Data Location and GDPR
The first thing you need to consider is your cloud suppliers’ stance on privacy and GDPR, which will vary by their location. Data sovereignty is an important issue today, and will become more important beginning in May of 2018. Data is subject to the law where it resides, as demonstrated by a recent spat between the U.S. government and Microsoft. However, whether you’re located in the European Union (EU) or elsewhere, if you hold and process data that applies to EU residents, you will have to comply with the GDPR, regardless of where you store your data. As stated in the regulations, that means personal data stored outside the EU must be offered ‘adequate’ protections in comparison with EU law.
via the fine folks at Commvault