Partly Cloudy with a Chance of Rain: How GDPR puts a silver lining on the Cloud
The new EU privacy legislation, the "General Data Protection Regulation" (GDPR), will go into effect on May 25th of this year, with many companies, organizations and even governments either scrambling to prepare their compliance, panicking or both. While some are battening down the hatches, others have discovered the benefits of outsourcing, thereby moving not only their data but also their risk into "The Cloud".
What exactly is GDPR?
Adopted by the EU on April 27th back in 2016, the General Data Protection Regulation (GDPR) 2016/679 effectively replaces the 1995 Data Protection Directive 95/46/EC, with much tighter legal liability/accountability for the management of personal data.
What has been fueling most of the hysterics is a new "no tolerance" approach to accountability, posing a serious financial risk for the non-compliant or somehow compromised. This doesn't just affect big data companies, but applies to any organization that is managing any personal data: be that of customers, employees or even data purchased from 3rd parties.
GDPR applies to organizations that:
Have a presence in an EU country.
Have no presence in the EU, but process personal data of European residents.
Have more than 250 employees.
Have fewer than 250 employees, but whose data processing impacts the rights and freedoms of data subjects regularly, or includes specific sensitive personal data.
Violations can cost an organization up to €20,000,000 or even up to 4% of their global annual turnover. In light of the recent Facebook (Cambridge Analytica) scandal, plenty have reason to be nervous.
Service Provider as an Umbrella:
Seizing the opportunity, many providers got out in front of the impending storm and adjusted their services accordingly. Realizing that they are in the best position to standardize compliance, they can offer safe havens through their services, making it more compelling than ever to make the move to the cloud.
Microsoft, for example, have been leading the charge with information and services around GDPR with their Trust Center on GDPR or their white paper on the subject. Most impressively, their cloud-based Office 365 and SharePoint services are offering compliance and liability for all their services under those umbrellas.
"We are committed to GDPR compliance across our cloud services when enforcement begins May 25, 2018, and provide GDPR related assurances in our contractual commitments." - Trust Center on GDPR
Google are offering cover from the rain as well, with a strong statement of commitment to GDPR compliance, along with information and guidance. In particular, this covers G Suite and Google Cloud Platform services.
"Our data processing agreements for G Suite and Google Cloud Platform clearly articulate our privacy commitments to customers. We have evolved these terms over the years based on feedback from our customers and regulators." - General Data Protection Regulation (GDPR) | Google Cloud
Salesforce, being completely cloud-based, have a major stake and have also been at the forefront of supporting and informing their clients with compliance training, documentation and support. All their information is available on their site under GDPR.
"Salesforce provides companies with transparency and control of their customer data to accelerate compliance with regulations like the General Data Protection Regulation (GDPR) while harnessing the power of that data to connect with customers in new ways." - Salesforce
Although many cite security as a reason to hold off on going to the cloud, it seems that GDPR has forced service providers to make a giant leap forward to achieve compliance, a feat that many organizations may find extremely frustrating and costly, but sadly unavoidable. Maybe right now is the right time to get under a protective umbrella.