June 23, 2016, by Subhashini Simha - VP, Product Management and Marketing
Posted in News, Security
The EU Parliament has just adopted the most significant amendment to EU data regulation since 1995: The General Data Protection Regulation (GDPR). All businesses around the world that collect or process the personal data of EU citizens have until May 25, 2018 to comply with the new changes.
If your company uses cloud services to handle the data of EU citizens, you will need to make sure that both your company and your cloud solution providers are capable of complying with the new regulation. Failure to comply with the GDPR results in severe penalties, such as a fine of up to €100 million or up to 5% of a company’s annual revenue, whichever is greater.
What are some challenges for data in the cloud?
According to a post from Skyhigh Networks, the GDPR states that “liability for data breaches and violations of the law will be shared between data controllers (organizations that own the data) and data processors (such as cloud providers that store the data).” A few other requirements of the GDPR include:
- “The right to be forgotten” – Under the new regulation an individual can request data that is “no longer necessary” to be permanently deleted from your servers (this includes data in the cloud or on-premises).
- Secure data transfers – The GDPR prohibits data transfers to countries outside the EU that do not provide an adequate level of protection. This new regulation will have stricter conditions for obtaining an “adequate” status.
- Privacy notices – Data controllers must be able to provide individuals with information about how their personal data is processed.
Are your cloud services prepared for GDPR?
Now is indeed the time to examine your cloud services and determine whether they comply with the GDPR. If your company or its employees are, knowingly or unknowingly, using freemium file sharing tools to host EU data, you need to replace them immediately with a solution that offers enterprise-grade security, with governance and policies to protect valuable content. Here are a couple of important capabilities to look for in an enterprise-grade solution:
1. Flexible deployment and protection of data – According to the GDPR, certain EU data that is considered very sensitive may not be stored outside the EU. Companies handling this kind of data in the cloud must use providers with data centers or storage in the EU to meet this requirement. Using an enterprise-grade solution like Thru, which has ISO 27001-compliant data centers within the EU, will help you comply with the new regulation.
2. Data retention rules – To comply with the “right to be forgotten” requirement, companies should select cloud services that can demonstrably delete EU data permanently from every server when an individual requests it. For data sharing services, look for a provider that can set retention policies per individual, so that their data is automatically deleted after a set period of time.
There are less than two years until companies will be required to comply with the new GDPR. To ensure your company is ready, you need to evaluate your own security practices as well as the practices of the cloud services you rely on every day.
Time is running out; take action now.