The personal data is to be considered as EU Data protection directory. This may be in the form of fragmented data, encrypted data and anonymized data in the cloud. Cloud is a term which uses many servers for processing of data. For many companies at present cloud became the It sourcing. The cloud computing services should be used economically and responsibility. We have to keep in mind the data protection when you are planning for cloud services. In the IT infrastructure of the cloud, all the personal data of others are to be stored and is also processed. So there might be chances of security issues. On 25 May 2018, the law is passed which is for data protection. It is named European general data protection regulation(EGDPR). The law is applicable mainly in EU countries. At present, the law is applicable beyond the EU. The EU is sending a clear signal of how society is reacting to the rapidly changing circumstances. Most of the companies and many users are facing the issue because of this GDPR. The main aim of DPD is for the free moment of our personal data in the European economic area. It will promote national data protection provisions.
Privacy Check Of Cloud:
To help the companies to face challenges “cloud know-how” was launched by EuroCloud Europe. It contains checklist, to-do etc., Cloud privacy check is the major element in the stream “cloud know-how”.The major concern for cloud privacy check is to present complex data protection for easy understanding.CPC does not replace legal expertise, but composes and simplifies complex subjects without losing important information. The CPC identifies programs that are appropriate and can be done to be compliant when moving data to the cloud. There are 4 steps to be addressed by the cloud user to the cloud service provider within the CPC. The cloud users will understand the future setup with the help of these questions. The CPC will also help the users for guidance in their future with the cloud.
More than 50 lawyers from different countries like Europe, Turkey and Switzerland had assessed the European CPC network and approved them. Around 30 countries formed the European CPC network which is a because of the cooperation between the law firms.
If we wish to do business with EU residents there are few rules to be followed. For the supporting of the rules, GDPR defined several roles like data processor, data controller and data protection officer.
-EU residents data is to be stored and is processed by DPO. Ensuring GDPR compliance, educating the company and the contact point if they are concerns is the designation of DPO.
-All personal data records are to be maintained and processed by data processors. Even if the outsourced processor really violates the rules, you and the cloud provider can be in trouble. Basically, you can be responsible for the actions or inaction of the provider that you are leasing. This is important when considering the use of cloud-based platforms because there is a possibility that your cloud companies and providers will be responsible for non-compliance.
-How the personally identified information is to be processed will be defined by the data controller. As long as the regulations are to be followed this will takes place outside and inside of EU.
Almost 2000 companies globally do business with EU residents. Its been too late if you have not started for reorganising and retooling the GDPR. we recommend that you run an internal compliance audit at least twice a year to better understand your ability to comply with GDPR. If you violate this rule, there are severe financial sanctions, whether you are based in the EU or not. As part of that effort, be sure to update the SLA to include requirements regarding compliance with GDPR. Again, you and the cloud provider carry some risks here, and each can harm the other if basic GDPR rules and processes are not followed. The cost of compliance can make some small companies unable to serve the EU population and they must be sure that they do not.
Cloud computing and Data protection:
Business world requires high efficiency and high potential cloud services. The following things are to be identified from a data protection perspective:
Loss of control:
Loss of control indicates that the affected person does not know who the authorised third party persons are or they no way can monitor them. With the increase in the number of people who are authorised for the protection of processed data should act according to data protection law.
Risk of third party involvement:
The processing of the personal data by cloud service customer which is involved by the third party with the cloud service provider. From the point of the person who data is to be protected, there will be an increase in the risk of unauthorised persons which is to be accessed.
The four steps of CPC are:
The CPC which relies on these 4 steps which needs to be analysed while assessing the setup of cloud computing:
Step1: which is personal data and step2 which is of third party involvement is used to asses if the use of cloud is relevant with data protection law. The transition point is to be analysed with the help of these 2 steps. Step1 and step2 are considered by CPC. Action items which are needed to be implemented are identified.
To address the measures required for the data protection law step 3 and step4 are to be addressed. Almost CPC mostly relies on a modular approach to deal with legal issues.
Discussion about this post