Is your data GDPR compliant in the cloud?

Cloud computing has been around for over a decade and is becoming a typical sight in technology solutions. However, is data stored there compliant with GDPR? Compliance Compendium chief business development officer Gareth Gadd explores this.

Compliance Compendium: The cloud is very useful. It means that you can exchange data easily across devices and (sometimes) remove the need to store data locally. Not only that, the cloud provider backs the data up for you and ensures that you will not lose your precious files. Very convenient.

I am reminded of an exchange I had with a presenter at a Sage developer conference last year. He was extolling the virtues of a particular Sage package and said “…your data is safe because it’s in the cloud…”. I put my hand up and asked, “So where is the data?” He replied, “It’s in the cloud!” So, I asked again, “So where is the data?” He almost shouted his reply, “IT’S IN THE CLOUD!” (thinking me to be an idiot). So, I asked again, “Where is the data?” This time the penny dropped and he said, “Well, that’s Microsoft’s problem.” (the solution used Azure). I said, “No. If you are running this software then the data storage is your problem because you are the data owner. Microsoft are merely the data processor and they have already changed their terms and conditions to reflect that.” He was not interested in my interruption (and did not understand the implications) and quickly moved on.

People forget that data in the cloud will always have a physical representation, and for the most part you will have no control over where your data is, and therefore you could be non-compliant under GDPR.

As more and more companies rely on cloud storage and cloud SaaS, GDPR should have led a few organisations to check their usage of cloud and ask questions such as:

  • Where will our data be stored?
  • Will the cloud storage entity be mining or processing my data?
  • Will my data be compliant with GDPR in my country and also in the country in which it is stored (if it is stored outside of your country)?
  • Where will the data be mirrored to?
  • How can I ensure visibility of my data?

It is even more important to ask these questions if you hold “special category data”. Such questions are only now starting to be asked. The answers are not always those that you would like to hear!

Compliance Compendium offers EU compliant storage as part of CC Suite.


Copyright © 2018 RegTech Analyst
