GDPR – Requirements for Cloud Services and Online Privacy

The Cloud and EU GDPR

The General Data Protection Regulation (GDPR) has brought huge challenges for companies of almost every size. Whether it is a medium-sized company or a tech giant, hardly anyone is exempt from the new data protection regulations.

But why do even the world’s largest corporations have significant problems with the new regulation? It is mainly due to the very diverse regulations of the individual countries. While Belgium is doing its part to protect itself in terms of data protection, the regulations outside the EU are less mature. One thing is certain: the large corporations that are also active in the Belgian market have to adapt to the GDPR. This includes cloud providers, since, under GDPR, the storage and processing of personal data in the cloud is only possible with the consent of the person concerned. In addition, removal of the data must be guaranteed at the end of the business relationship. Personal data must be encrypted in the cloud to protect against fraud. And these are just a few of the many requirements.

 

A provider comparison requires time & know-how

SMEs mostly rely on service providers from a pool of about twenty to thirty major vendors, including Mailchimp, Salesforce, Dropbox, Microsoft Office 365, and AWS. Why are so many companies using US-based cloud solutions? Because applications like Dropbox or Microsoft Office 365 are well known and easy to understand. General acceptance of their widespread use has increased significantly in recent years, and cloud applications are now an integral part of everyday work almost all around the world. However, small and medium-sized businesses often do not have the technical know-how needed to analyze the available solutions in terms of data protection when deciding on a cloud provider. And once a cloud solution is in use, companies are more likely to face a change.

 

More and more enterprises have moved to the cloud. It offers big advantages for an enterprise: it allows for better optimization of IT resources, because cloud solutions offer almost unlimited scalability and great flexibility, all at a contained cost. As a general rule, cloud solutions are not prohibited under the GDPR, nor are they necessarily risky as far as the data protection regulations are concerned. However, it is riskier to use a provider from a third country, since the risk of making significant data protection errors is high. That being said, the cloud service provider cannot do anything with your data unless you instruct them to do so, and the data remain within your controllership.

 

The data protection regulation, in force since 25 May 2018, brings the following legal innovation: under the GDPR, personal data may not be stored longer than needed for the predefined purpose. Therefore, retention periods must be implemented, and it must be possible to delete data effectively when a retention period has expired, both for data stored locally and for data in the cloud. The difficulty here is that cloud service providers can store data in multiple locations, under multiple jurisdictions, so there is the challenge of identifying and managing multi-jurisdictional retention requirements. The deletion of data will also pose a challenge. To delete data completely, backups must be taken into consideration as well. Therefore, it is important to have a clear overview of how your cloud service providers secure backups and manage retention. In this case, cloud users are no longer solely responsible for any violations of the law; the cloud provider is responsible as well.


Security is not equal to privacy

However, companies that use cloud services cannot stay ignorant. Although certain levels of security are required in a cloud solution, depending on the complexity of the data processing and protection of personal data, data protection may not be required. The US provider Dropbox had to give in to strong pressure and adapt its privacy policy. However, there is still a security-related need for improvement at Dropbox and other cloud providers, for example in encryption during the digital transmission of documents. If needed, a company-hosted solution can be used, or the technology can be deployed on the company’s own server. This allows companies to store their data locally, without the need for a third country or subcontractor.

 

Server locations are becoming increasingly transparent

When choosing a cloud provider, questions about the frequency of backups, the secure location of the server cabinet, ventilation or the backup generator are less relevant today. If a company wants to use a cloud solution, the key question is which country the servers are located in. The US providers had to improve in some aspects here in order to meet the requirements of the GDPR. While the specifications in the contracts were still relatively vague a year ago, today one has increasingly better insight into precisely which country their data is stored in. However, market-leading vendors continue to find it rather inaccurate, arguing that they need some flexibility to move an increased volume of data as needed.

 

Next step

If your enterprise is using cloud service providers, it’s very important to have a good overview of your data lineage. It’s important to know where your company data is stored, how it can be transferred and what access possibilities you have to your own data. The location of your data is important for determining the applicable law. You also want to check whether the security measures the cloud provider has taken are sufficient. An audit can be a good way to assess these measures, so you want to incorporate this right in your agreements.

Big Day for your Data – What did GDPR change from 25 May 2018?

As from 25/05/2018, the new European data protection rules (GDPR) require companies and governments to use your data more carefully. Otherwise, companies and governments can be exposed to the risk of huge penalties.
After a start-up period, companies operating in the European Union must henceforth be in line with the new data protection rules. Thanks to the rise of online services, such as social media and e-commerce, more and more companies have access to your data. GDPR has to make sure that they take your privacy seriously this time.

 

The GDPR compliance report from Crowd Research Partners and Cybersecurity Insiders, in partnership with the 400,000+ member Information Security Community on LinkedIn, revealed that GDPR is a priority for the vast majority of respondents (80%); for a third of respondents (34%) it is one of the top three priorities. 20% say GDPR isn’t a priority – but that won’t relieve them from having to comply with the law.

 

GDPR COMPLIANCE PRIORITY

 

What is it about?

 

As already explained in detail in our previous blog posts, the idea behind the General Data Protection Regulation (GDPR) is that you retain control over who uses your data and for what purposes. Companies that want to send you a newsletter or promotional e-mail must have your explicit permission. The request for permission must also be specific, clear and not ambiguous.
But the requirement to ask for your permission does not always apply. Sometimes a company needs your data to be able to deliver a product or service. If you want a parcel to be delivered through a webshop, it needs your address. You are then in a contractual relationship. Governments can also process data without permission as they have legal obligations to fulfill.

 

What can you expect?

 

You’ve probably received a rain of mails during the last few days and weeks. These are meant to ask for your permission to keep contacting you. But companies, if properly prepared, also present new privacy tools in the same mail. This is mostly a dashboard where you as a customer can change your privacy preferences at any time.
After all, having once given your permission to process your data does not mean that this always has to be the case. The new rules stipulate that you can view, modify or remove your data at any time. At least: you can submit a request for it. Companies still have a lot of work to do on that.

The new rules must also allow you as a customer to ‘take’ data with you. If you changed telecom operator in the past, you had little say in what your old provider did with your data. Now you have the right to have the data removed and to take your data with you ‘in a readable format’. That can feed competition.

 

What if you did not respond to any e-mails?


We all saw emails coming in from companies asking whether they could still contact you. Companies that do not have your explicit permission and still contact you from today onwards are, in theory, acting illegally.

 

What are the concerns for companies?

 

The first question that every company must ask itself is whether it processes personal data. This comes with the caveat that there are few companies that do not collect or process data. Personal data is not limited to the data of customers; it also includes that of employees.
For that reason, personal data is often distributed throughout the entire company, from customer service to HR. A good first step is setting up a data register, which maps out which department processes which type of data. The company can then make a privacy statement, which lists which data are kept and for which reason. A number of specific companies that collect sensitive data on a large scale must also appoint a data protection officer from now on.

 

Are companies ready?

 

It won’t sound so shocking if I say that most companies aren’t ready. The GDPR compliance report from Crowd Research Partners and Cybersecurity Insiders, in partnership with the 400,000+ member Information Security Community on LinkedIn, revealed that 60% of organizations are at risk of missing the GDPR deadline. Only 7% of surveyed organizations say they are in full compliance with GDPR requirements today, and 33% state they are well on their way to the compliance deadline.

GDPR PREPAREDNESS

 

What are the challenges in GDPR adoption?

 

The above-mentioned study shows that the biggest challenge in GDPR adoption is a lack of expert staff (43%), followed by a lack of budget (40%) and a limited understanding of GDPR regulations (31%). A majority of 56% expect their organization’s data governance budget to increase to deal with GDPR challenges.

COMPLIANCE CHALLENGES

Who checks and what are the fines?

 

The majority of the GDPR is a repetition of previously existing principles. The big difference is that European companies that are too lax with your data can now be hit in their wallets, with a maximum of 20 million euros or 4% of the annual turnover.
