Getting started with GDPR and Cloud Providers
I had a session at Hackcon this week about security in the cloud. One of the important aspects of it is the guidelines and regulations that all cloud providers need to follow. One of these regulations is GDPR, which will take effect in May 2018. There is a lot of information in the regulation, but I wanted to summarize the highlights.
- The regulation applies if the data or processor (organization) or the data information is based in the EU. Furthermore, the Regulation also applies to organizations based outside the European Union if they process personal data of EU residents, which many of the current cloud providers do.
- It gives more power back to us consumers in terms of the rights we have with regard to the provider.
- It describes in more detail how we as consumers can get insight into how a provider handles our data and uses our information.
- It makes it easier for us to “get deleted” or be “forgotten” at a provider like Google or Microsoft.
- It allows us to ask a provider to move our information from one provider to another.
- If data is to be collected or used, this must be consented to, and the consent can be withdrawn at any time.
If any data breaches happen, the provider would need to notify the supervisory authority straight away and notify the affected individuals as well if impact is determined, within 72 hours.
via Marius Sandbu.