Will the GDPR Cause the Cloud to Burst?

Businesses around the world have been increasingly taking advantage of cloud services, from hosted telephony, through to unified communication platforms and simple storage. The distributed ‘anywhere’ nature of the cloud provides incredible flexibility for businesses and employees alike, and generally offers a cost benefit as well.

These global and distributed features that drive these benefits have the potential to fall foul of 2018s upcoming General Data Protection Regulation. This greatly increases the responsibility of businesses holding personal information, including extending their liability for that data’s security and placing limits on businesses transferring data internationally.

Data Controllers, Processors, and Responsibility

The GDPR defines two general groups who have responsibility for sensitive data: controllers and processors. Controllers are, in essence, the business which has collected the data. Processors are any entity to which a controller passes this data.

The GDPR greatly extends the responsibility of data controllers when it comes to any ‘personal’ information: data passed to a third party for analysis, for example, remains the responsibility of the data controller. A data breach suffered by a third party in possession of data you have collected will still be your responsibility.

This means that businesses using cloud services, whether XAAS platforms or simply cloud storage, are responsible for assessing and securing data both on the cloud platform and in transit between their own site and the cloud.

Cloud providers chosen by businesses will also need to comply with GDPR terms. It is the data controller’s responsibility to assess this, from the controller receiving written confirmation of the provider’s agreement to provide adequate security, through to the provider being able to fully comply with an individual’s right to erasure. The latter involves not only deleting the obvious copy of information, but any distributed or backup copies as well.

Global Cloud Services vs The GDPR

In addition to the awkward data security issues posed to cloud users, the GDPR also imposes regulation on the transfer of information. Specifically, that data can’t be transferred out of the EEA unless the receiving country guarantees a sufficiently high level of rights and freedoms.

In practice, this means that data controllers are not only responsible for their cloud provider’s security, but also to investigate where data centres and cloud nodes are located in order to ensure that they stay compliant.

While the GDPR does not spell the death of cloud services, it certainly makes the adoption of cloud-based services much more difficult for UK businesses. The level of due diligence required by a data controller to entrust their data to a cloud provider (essentially requiring a security audit or guarantee, deeper understandings of the provider’s infrastructure and agreements to be put in place to guarantee individual rights can be maintained), mean that the adoption of cloud-based services may fall significantly.

The other possibility is a rise of specifically compliant cloud services, who have taken special precautions to be GDPR compliant, with data centres only in approved locations. For the moment, however, cloud services need to be considered very carefully and existing services should be scrutinised before the GDPR takes effect.

 

Latest Jobs

Don't just take our word for it

  • Tom Salvat, CEO, CONCURED
    "As a fast-growing start up, we need great people with a tough set of skills to find. They need to be hungry, experienced and fit the culture of a business that is always adapting and growing. Finding these people using Linkedin and other job boards is tough, time-consuming and rarely bears fruit. Ross has always been able to uncover gems for us, and we are benefiting greatly from his skills at CONCURED. Ross has a rare ability to really understand the business, the culture and the people that will nail the role. I couldn't recommend him highly enough, and he is the only recruiter we deal with"      
    - Tom Salvat, CEO, CONCURED
    Tom Salvat, CEO, CONCURED
  • Tariq Mahmood, Enterprise Sales, Concured AI Content Marketing
    I am writing to express my gratitude to Ross Clifford & Associates who helped me successfully secure the role of Enterprise Sales Executive at Concured. Ross was extremely professional and understood the specifics of the job I required. I especially appreciated his fast response, transparent communication, and coordination in a timely and efficient manner.
    - Tariq Mahmood, Enterprise Sales, Concured AI Content Marketing
    Tariq Mahmood, Enterprise Sales, Concured AI Content Marketing
  • Jessica Cole, Editor – Redwood London.
    Ross is one of the friendliest recruiters I've dealt with. He was always attentive, quick to respond and ready to help with any questions I had. He's very professional, and not at all superficial like so many other recruiters out there. I would highly recommend him.
    - Jessica Cole, Editor – Redwood London.
    Jessica Cole, Editor – Redwood London.
  • Gareth Lofthouse, Founding Partner, Longitude.
    “We look for commercial people with a rare blend of talents. They need to be able to advise our blue-chip clients on thought leadership strategy. They need to be highly strategic and purposeful in uncovering opportunity. And they need the hunger it takes to thrive in a rapidly evolving business. RC&A were quick to understand our needs, they only delivered high-quality people for interview, and succeeded in getting us a winning candidate incredibly fast.”  
    - Gareth Lofthouse, Founding Partner, Longitude.
    Gareth Lofthouse, Founding Partner, Longitude.
  • Johnny Meredith, Senior New Business Manager, The Bio Agency.
    I can't rate or recommend Ross highly enough. He brings a thoughtful, personal approach to the process, carefully matching opportunities with candidates, through a good understanding of their priorities and skills. Throughout, he keeps candidates up to date in an open, honest way. A genuine pleasure to work with.
    - Johnny Meredith, Senior New Business Manager, The Bio Agency.
    Johnny Meredith, Senior New Business Manager, The Bio Agency.
  • Karen Troman, Office Manager & HR Co-ordinator, VoucherCodes.co.uk part of RetailMeNot
    Ross is the best recruitment agent I have worked with, he stayed in contact, kept me informed and was with me every step of the process. He also checked in with me during my first couple of weeks in my new role to make sure I was settling in. I wouldn't hesitate to recommend him.
    - Karen Troman, Office Manager & HR Co-ordinator, VoucherCodes.co.uk part of RetailMeNot
    Karen Troman, Office Manager & HR Co-ordinator, VoucherCodes.co.uk part of RetailMeNot
  • Neil Kettleborough, CRO & Co Founder, Chalk Social
    I have worked with Ross over 4 years now and he has always delivered a really high standard of candidate both at senior and junior level. His online knowledge is second to none and all the candidates he has put forward over the years have only good things to say about Ross and his work ethic.
    - Neil Kettleborough, CRO & Co Founder, Chalk Social
    Neil Kettleborough, CRO & Co Founder, Chalk Social
  • Helen Rosemier, Commercial Director, Professional & Financial Services Practice, Longitude
    Ross is a fantastic recruitment consultant -  extremely professional, meticulous, patient and supportive. Throughout the process, I felt he represented me really well and genuinely cared about my career and finding the right role. Thanks to Ross I am now in a role I love, working with a brilliant team. Very highly recommended!
    - Helen Rosemier, Commercial Director, Professional & Financial Services Practice, Longitude
    Helen Rosemier, Commercial Director, Professional & Financial Services Practice, Longitude

© Ross Clifford Associates. Website by Outlines Design.