The 5 most important considerations in going to “the cloud” explained. The third part of our series deals with the topic of Compliance.
All European organisations need to conform to the European Union’s GDPR laws (General Data & Privacy Regulation). The recent case of the European Union fining Meta (the parent company of Facebook, WhatsApp and Instagram) €1.2 billion for not conforming with GDPR is an indication that organisations need to take the data privacy of their customers seriously or risk large fines (see “Facebook owner Meta fined €1.2bn for mishandling user information”).
It is also worth noting that the USA’s Cloud Act of 2018 gives USA authorities the power to force USA cloud and hosting companies to hand over customer data, no matter where in the world it is hosted, and affected non-USA parties have no access to due legal process in the USA. The European Court of Justice (CJEU), in its ruling on 16 July 2020, invalidated the existing “Privacy Shield” agreement with immediate effect, so customers now need to consider very carefully how they will meet their GDPR obligations for personal client information when hosting with a USA-based cloud provider. See this communication of the European Parliament to understand the implications this has.
An updated Swiss data protection law comes into effect on 1 September 2023 – see the official communication here (in German). This will require Swiss organisations to re-examine their privacy policies, especially those related to data storage, and make sure they conform with the new regulations. Potential users of cloud hosting services should review this list to verify that their cloud hoster meets the requirements of the Swiss Data Protection standards. (See list.)