Are you aware that every week, thousands of profit-making and non-profit-making organizations migrate to the cloud? In the last decade, millions of companies and other forms of organizations embraced cloud computing, and the trend will undoubtedly continue in the next few years.
Cloud computing can offer several advantages to enterprises. For instance, it allows better optimization of Information Technology resources, given that cloud solutions offer unmatched flexibility and unlimited scalability at a reasonable cost.
The main objective of GDPR is to harmonize data protection law across the member states of the European Union, so that uniform rules apply to the protection of personal data, and to strengthen the legal position of the individuals concerned.
Some of the major changes that have been brought about by the GDPR are as follows:
1. A significant increase in the fines imposed on organizations that fail to comply with the regulation.
2. Strengthened requirements regarding information and transparency, which significantly expand people's rights over their data.
3. Introduction of new obligations regarding data protection.
The regulation is applicable to all organizations that collect information from citizens of the European Union, even if the organizations are outside the EU.
GDPR and its effects on cloud computing companies
The regulations brought about by GDPR present not only opportunities but also challenges. A data protection approach within organizations, as well as the level of protection, is an important element that indicates how ready a company is for GDPR.
For thousands of organizations, the regulation is very complex. So far, the legal, organizational, financial and technical challenges caused by the regulation have only partly been overcome.
GDPR has brought about various challenges, and they can be classified into two broad categories:
1. General challenges
2. Specific challenges
One of the general challenges brought about by the new regulation revolves around the sensitivity of clients’ information. Providers of cloud computing services host various types of information, including classified information, and it may inadvertently fall into the hands of unauthorized parties. Essentially, there is a risk of leakage, especially where data storage and processing facilities are shared between tenants.
Determining the applicable law can also be a challenge. Cloud computing makes it difficult to associate certain data with a particular geographical location, because it is hard to establish exactly where the data is stored. As a result, organizations sometimes struggle to work out which laws apply.
Externalization of privacy is another problem brought about by GDPR. Organizations that use cloud computing services generally expect that providers of such services would apply the privacy commitments that they agreed upon with users.
According to GDPR provisions, personal data should not be stored beyond a defined retention period or once the pre-defined purpose for which it was collected has been achieved. Thereafter, the data must be deleted. However, it can be difficult to comply with this requirement, since data is usually stored in multiple locations across several jurisdictions and by different service providers.
GDPR recommends the inclusion of breach notification protocols and breach notification obligations in all data processing contracts between cloud computing companies and clients. What constitutes a breach event, and the procedure for notifying clients about breaches, must be clearly defined. However, some breaches become news headlines even before clients are duly informed.
Other specific challenges that have been brought about by GDPR pertain to: personal data processing in areas outside the European Union (European Economic Area), data privacy & security, data portability, visibility concerning data minimization as well as metadata, data ownership, privacy by design & cloud architecture and lastly, risk management aspects.
Mobile applications and GDPR compliance
The fines imposed on parties that fail to comply with GDPR provisions are without doubt exorbitant. Since compliance with the regulation has become mandatory for all businesses with website visitors and/or customers in the European Union, app development companies are spending sleepless nights planning their apps to ensure that they are GDPR compliant.
It is important for all app development companies to have a clear understanding of what is involved in obtaining, transferring, storing and handling clients’ data. Additionally, they should identify ways of safeguarding the security of clients’ data, and measures that can enhance it, in order to develop GDPR-compliant apps.
Any entity that is involved in storing or processing personal information concerning European Union citizens within EU member states is required to comply with GDPR. Various forms of data are covered by the regulation. They include personally identifiable information (such as names, social security numbers, and addresses), sexual orientation, data such as user location, RFID tags, and IP addresses, political opinions, health and genetic data, ethnic data, and biometric data as well.
Any organization that is found guilty of contravening the GDPR can be forced to pay 4% of its annual turnover or €20 million, whichever is higher.