FOCUS
Data protection in the Cloud era
November 22, 2017 – The digital transformation era is increasingly driving companies to consider the cloud as a business strategy to be more competitive.
Organizations moving to cloud solutions gain significant benefits in terms of cost reduction, flexibility and scalability, but the inability to control data directly increases concern about data security.
That is why, in recent years, standardization bodies and the relevant authorities have intensified their interest in ensuring greater privacy protection in all EU member states.
For example, the forthcoming General Data Protection Regulation (GDPR) is a Regulation by which the European Commission has decided to unify and strengthen the protection of personal data for all individuals within the European Union (EU). The Regulation also applies to organizations based outside the European Union if they collect or process personal data of EU residents.
This Regulation will come into force on May 25, 2018 and companies are committed to implementing procedures and practices to ensure data protection. Any non-compliance could lead to significant fines of up to €20 million or 4% of global annual turnover for the preceding financial year.
In the Cloud area, under the current EU Data Protection Directive, cloud providers have limited direct obligations whilst their customers are the ones responsible for handling personal data.
With the entry into force of GDPR, clear responsibilities between cloud service providers and organizations that use their services will be established, and the data compliance requirements placed on both parties will increase.
Organizations should perform an accurate “due-diligence” process before choosing their cloud provider, examining practices and strategies around issues such as security in terms of data confidentiality, integrity and availability, access management, incident response service levels, legal impacts, etc.
Moreover, companies shall develop the necessary knowledge and skills to complete the assessment in each business sector involved and according to the different responsibilities, in order to achieve and maintain GDPR compliance.
The support of an external organization that provides consultancy and assistance on GDPR implementation could be helpful.
Italtel can offer these types of skills to companies and can support them in the process of defining and verifying their own responsibilities.
For further details, read more about Cyber Security’s offer line.