18 Dec CLOUD AND GDPR
CLOUD AND GDPR
As the clock is ticking down, we are hearing how many data owners and processors scrambling to ensure compliance programs are in place by the time the European Union’s General Data Protection Regulation (GDPR) goes into force on May 25, 2018.
At the beginning of December, more standards were rolled out to assist CSPs and enterprises. The Cloud Security Alliance (CSA), released the CSA Code of Conduct for GDPR Compliance (CoC) to provide CSPs and current and potential cloud customers with education around GDPR. There is also a GDPR Resource Center, a “community-driven website with tools and resources for enterprises on the GDPR. This site is very helpful to those enterprises needing assistance to help fast-track their efforts.
The focus is around two main areas:
1. Provide cloud customers of any size with a tool to evaluate the level of personal data protection offered by different CSPs.
2. Provide CSPs of any size and geographic location with a guidance to comply with European Union (EU) personal data protection legislation and to disclose, in a structured way, the level of personal data protection they offer to customers.
The following categories should be reviewed in great depth:
- *The processing of personal data in a fair and transparent manner
- *The information that is provided to data subjects and to the public Article 15
- *The rights of data subjects and how those rights are exercised Article 17
- *The measures and procedures described in Articles 24 and 25 of the GDPR and the measures to ensure the security of data processing as set forth in Article 32 of the GDPR
- *The notification of personal data breaches to supervisory authorities and the communication of breaches to data subjects
- *The transfer of personal data to third countries
Let us know how we can be of assistance.
www.creedpro.com/contact