Will the GDPR Cause the Cloud to Burst?

Businesses around the world have been increasingly taking advantage of cloud services, from hosted telephony, through to unified communication platforms and simple storage. The distributed ‘anywhere’ nature of the cloud provides incredible flexibility for businesses and employees alike, and generally offers a cost benefit as well.

These global and distributed features that drive these benefits have the potential to fall foul of 2018s upcoming General Data Protection Regulation. This greatly increases the responsibility of businesses holding personal information, including extending their liability for that data’s security and placing limits on businesses transferring data internationally.

Data Controllers, Processors, and Responsibility

The GDPR defines two general groups who have responsibility for sensitive data: controllers and processors. Controllers are, in essence, the business which has collected the data. Processors are any entity to which a controller passes this data.

The GDPR greatly extends the responsibility of data controllers when it comes to any ‘personal’ information: data passed to a third party for analysis, for example, remains the responsibility of the data controller. A data breach suffered by a third party in possession of data you have collected will still be your responsibility.

This means that businesses using cloud services, whether XAAS platforms or simply cloud storage, are responsible for assessing and securing data both on the cloud platform and in transit between their own site and the cloud.

Cloud providers chosen by businesses will also need to comply with GDPR terms. It is the data controller’s responsibility to assess this, from the controller receiving written confirmation of the provider’s agreement to provide adequate security, through to the provider being able to fully comply with an individual’s right to erasure. The latter involves not only deleting the obvious copy of information, but any distributed or backup copies as well.

Global Cloud Services vs The GDPR

In addition to the awkward data security issues posed to cloud users, the GDPR also imposes regulation on the transfer of information. Specifically, that data can’t be transferred out of the EEA unless the receiving country guarantees a sufficiently high level of rights and freedoms.

In practice, this means that data controllers are not only responsible for their cloud provider’s security, but also to investigate where data centres and cloud nodes are located in order to ensure that they stay compliant.

While the GDPR does not spell the death of cloud services, it certainly makes the adoption of cloud-based services much more difficult for UK businesses. The level of due diligence required by a data controller to entrust their data to a cloud provider (essentially requiring a security audit or guarantee, deeper understandings of the provider’s infrastructure and agreements to be put in place to guarantee individual rights can be maintained), mean that the adoption of cloud-based services may fall significantly.

The other possibility is a rise of specifically compliant cloud services, who have taken special precautions to be GDPR compliant, with data centres only in approved locations. For the moment, however, cloud services need to be considered very carefully and existing services should be scrutinised before the GDPR takes effect.


  • I am writing to express my gratitude to Ross Clifford & Associates who helped me successfully secure the role of Enterprise Sales Executive at Concured. Ross was extremely professional and understood the specifics of the job I required. I especially appreciated his fast response, transparent communication, and coordination in a timely and efficient manner.
    - Tariq Mahmood, Enterprise Sales, Concured AI Content Marketing
  • Ross is one of the friendliest recruiters I've dealt with. He was always attentive, quick to respond and ready to help with any questions I had. He's very professional, and not at all superficial like so many other recruiters out there. I would highly recommend him.
    - Jessica Cole, Editor – Redwood London.
  • “We look for commercial people with a rare blend of talents. They need to be able to advise our blue-chip clients on thought leadership strategy. They need to be highly strategic and purposeful in uncovering opportunity. And they need the hunger it takes to thrive in a rapidly evolving business. Ross was quick to understand our need, he only delivered high-quality people for interview, and he succeeded in getting us a winning candidate incredibly fast.”  
    - Gareth Lofthouse, Founding Partner, Longitude.
  • I can't rate or recommend Ross highly enough. He brings a thoughtful, personal approach to the process, carefully matching opportunities with candidates, through a good understanding of their priorities and skills. Throughout, he keeps candidates up to date in an open, honest way. A genuine pleasure to work with.
    - Johnny Meredith, Senior New Business Manager, The Bio Agency.
  • Ross is the best recruitment agent I have worked with, he stayed in contact, kept me informed and was with me every step of the process. He also checked in with me during my first couple of weeks in my new role to make sure I was settling in. I wouldn't hesitate to recommend him.
    - Karen Troman, Office Manager & HR Co-ordinator, VoucherCodes.co.uk part of RetailMeNot
  • I have worked with Ross over 4 years now and he has always delivered a really high standard of candidate both at senior and junior level. His online knowledge is second to none and all the candidates he has put forward over the years have only good things to say about Ross and his work ethic.
    - Neil Kettleborough, CRO & Co Founder, Chalk Social
  • Ross is a fantastic recruitment consultant -  extremely professional, meticulous, patient and supportive. Throughout the process, I felt he represented me really well and genuinely cared about my career and finding the right role. Thanks to Ross I am now in a role I love, working with a brilliant team. Very highly recommended!
    - Helen Rosemier, Commercial Director, Professional & Financial Services Practice, Longitude
  • I have no hesitation in recommending Ross. He is, by quite some distance, the best recruiter I have worked with. Perhaps unusually, Ross listens carefully in order to understand the needs of his clients and candidates, thereby ensuring that good matches are made; we are not talking 'spray and pray'. Likeable and on the ball, I hope to work with him again.
    - Pete Braham, Business Development, Longitude.

© Ross Clifford Associates. Website by Outlines Design.