Estimated reading time: 2 minutes, 46 seconds

Complying with Data Privacy Regulations in the Cloud Featured

Complying with Data Privacy Regulations in the Cloud private signage door

Data privacy regulations are becoming more prevalent and stringent in many parts of the world. Led by the EU’s General Data Protection Regulation (GDPR), nations and other jurisdictions such as U.S. states have developed and implemented standards regarding the use of their citizens’ personal information. Organizations risk substantial financial penalties and the loss of customer confidence if they fail to comply with data privacy standards.

There are benefits and challenges associated with using the public cloud for compliance with data privacy regulations. While the activities performed to keep data safe and demonstrate compliance are shared between the customer and provider, an important fact to remember is that the organization that owns the data is responsible for keeping it secure. The customer will face more serious consequences than the cloud provider if there is a data breach or failed compliance audit.

Benefits of Cloud Compliance 

Some of the same reasons for the general interest in cloud computing apply to enterprises concerned about data privacy compliance. The benefits of using a cloud provider include: 

  • Access to cutting-edge technology that may be beyond the means of individual customers to provide by themselves;
  • Experienced teams of security and compliance specialists who may have substantially more knowledge than that of in-house personnel;
  • The ability to quickly build secure systems to cope with evolving regulatory standards.

Implementing a compliance program can stress an organization’s technical and human resources. The cloud offers a simplified path that enables companies to rapidly embrace regulatory compliance. 

Challenges of Cloud Compliance 

Companies that operate in more than one jurisdiction can be faced with being subject to multiple sets of data privacy guidelines. This can be challenging for any organization and the challenge can be exacerbated when using a cloud provider to protect enterprise data resources. 

Many data privacy regulations have restrictions on where personal data is stored. It may have to physically remain in the jurisdiction in which the citizens live and transferring it to other geographical areas may be prohibited without proper consent. 

This can cause problems when a cloud provider is adding capacity or failing systems over to address an outage. Data that had been stored under a specific privacy regulation can be inadvertently moved to a restricted location at the risk of a failed compliance audit.

Questions for Your Cloud Provider

Effective data privacy compliance is possible with a cloud provider as long as some conditions are met and the roles of all parties are fully defined and understood. Some questions that an organization should ask its prospective cloud providers are: 

  • Who controls the encryption keys used to secure personal data?
  • What type of data oversight such as intrusion detection and security audits will be performed?
  • In which geographic location is my data being stored and can it be guaranteed that it will remain there?
  • What types of reporting are available to demonstrate compliance to regulatory auditors?
  • Who will have access to sensitive corporate data?

If an enterprise is not satisfied with the answer to these questions, they probably should continue the search for the right vendor. Large cloud providers are making custom configurations available that help address the challenges of complying with data privacy standards. Make sure your company’s sensitive data is handled appropriately by all third-parties, including your cloud providers. 

Read 29 times
Rate this item
(0 votes)
 Robert Agar

I am a freelance writer who graduated from Pace University in New York with a Computer Science degree in 1992. Over the course of a long IT career I have worked for a number of large service providers in a variety of roles revolving around data storage and protection. I currently reside in northeastern Pennsylvania where I write from my home office.

Visit other PMG Sites:

click me
PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.