General Data Protection Regulation (GDPR): How does the new European data-protection standard impact a company’s cloud strategy?

The General Data Protection Regulation (GDPR) harmonizes the rules for the processing of personal data by private companies and public authorities throughout the EU. This forces many organizations to think again about the cloud strategy.

Author Safe Swiss Cloud on 20 December 2016 Safe Swiss Cloud's blog

Without cloud services, many companies would now be silent, whether in the financial industry, in the healthcare sector, or in public administration. One of the important questions often asked by the IT managers of these companies is that of data protection and data security. What happens to my business critical data and services in an emergency? How fast are they restored? And who guarantees me sufficient security?

There will also be numerous additional regulatory requirements. In May 2018 at the latest, all companies active in the European Economic Area should expect some more regulation: the General Data Protection Regulation (GDPR) of the European Union, adopted in April 2016, will impose a set of rules for the processing of personal data by private companies and public bodies throughout the EU.

It may seem as if there is still plenty of time before 2018, but the number of IT implementations and the complexity of the IT networks and data storage built up by companies over time can actually limit the time one has for implementation. And please take note: there hardly is anyone who will not be affected by the GDPR, because it applies to all companies and organizations that offer EU-based personal goods or services, regardless of the place of operation.

Therefore, it is worth knowing right now what the many new provisions of the Data Protection Basic Regulation mean in detail:

Data protection in design and as a standard

Until now, companies have been compelled to adopt “appropriate technical and organizational measures” to protect personal data. In the future, the GDPR will also oblige companies to provide evidence that the measures taken are constantly being reviewed and updated.
In addition, companies must prove that data processing processes already have appropriate protection measures through the design, and that, in principle, personal data is only processed where this is absolutely necessary.

Data Protection Impact Assessment

Companies will be compelled to carry out a data protection impact assessment concerning the planned processing operations if it appears likely that processing results hold high risks for privacy. In such cases, the competent data protection authority must be consulted.

Compulsory notification of data

All companies must report data violations within 72 hours.
In the case of a data breach with high risks for privacy, the affected persons must also be informed.

Apart from these technical details, the GDPR also forces many organizations that use cloud services. It obliges companies not to store or transfer personal data in countries outside the European Economic Area if they do not have at least as high a level of protection as the EU has. These requirements cannot be fulfilled in such a short time, especially by many large cloud providers, since they usually store and process data from European customers outside the EU – often without their knowledge. The list of countries that meet European privacy standards also is very short. Just 11 countries can be found – and the USA, where nearly 70 percent of global cloud providers have their headquarters, is not among them.

Especially for customers of US cloud providers, there is a need for action due to the new regulations. A 100 percent European provider gives more security here to meet the requirements of the future.

We at Safe Swiss Cloud are adamant that a regulation such as the General Data Protection Regulation is not just a call for action in order not to have to pay high fines – it is also a great opportunity. Companies should recognize that privacy, security, and compliance with the highest standards are highly important brand distinction features. And that is where we would like to accompany our customers to.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Please Note:
You may use one of these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-marketing	1 year	This cookie is set by the GDPR Cookie Consent plugin to store the user consent for the cookies in the category "Marketing".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
JSESSIONID	session	Used for Cross Site Request Forgery (CSRF) protection
sdsc	session	Signed data service context cookie used for database routing to ensure consistency across all databases when a change is made. Used to ensure that user-inputted content is immediately available to the submitting user upon submission
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_D83559EP8M	2 years	This cookie is installed by Google Analytics.
browser_id	5 years	This cookie is used for identifying the visitor browser on re-visit to the website.
split	1 month	This cookie is used to evaluate the changes to the website by checking which multivariate test the user takes part in.

Cookie	Duration	Description
bcookie	1 year	Browser Identifier cookie to uniquely indentify devices accessing LinkedIn to detect abust on the platform and diagnostic purposes
bscookie	1 year	Used for remembering that a logged in user is verified by two factor authentication
lang	session	Used to remember a user's language setting to ensure LinkedIn.com displays in the language selected by the user in their settings
li_gc	6 months	Used to store consent of guests regarding the use of cookies for non-essential purposes
li_mc	6 months	Used as a temporary cache to avoid database lookups for a member's consent for use of non-essential cookies and used for having consent information on the client side to enforce consent on the client side
lidc	24 hours	To facilitate data center selection

General Data Protection Regulation (GDPR): How does the new European data-protection standard impact a company’s cloud strategy?

Search Blog

Questions or Feedback?

Recent blog posts