One of the most discussed problems concerning GDPR issues is associated with the Cloud providers action plan elements in order to achieve GDPR compliance. The critical elements are associated with personal data transparency, data security, physical location identification, physical servers storage, or international data transfers. Working for GDPR Ready Catalog content, I asked few experts in Cloud and GDPR to share with us their recommendations for Cloud services providers.
Here we have the valuable contribution of Ian Moyse, one of the most active Cloud specialist in social media, and recognised influencers in Cloud Computing social ecosystem:
Firstly, cloud providers need to take heed that they are now also on the hook for GDPR legal liability as a Data Processor. Data laws previously put the responsibility to the Data Controller (the customer), but this changes in GDPR.
Secondly, providers also need to ensure their own GDPR compliance as customers will expect and need supply chains of theirs to comply with GDPR in its fullest. This will be needed to ensure they are only sharing any data they hold with GDPR compliant partners and thus protecting their own GDPR processes and compliance.
Cloud providers will also need to become more transparent, as customers become even more diligent around data sovereignty, security, data storage and the controls and destruction of data they have responsibility for.
Thirdly, cloud providers are going to need to ensure their service offering itself, when used by a customer, allows the customer to remain compliant. For example, if your solution stores customer data in it, providing the ability to remove data in full for ‘Right to be Forgotten’ compliance.
You cannot get your product or service GDPR certified, but you can ensure that its use allows a customer to meet GDPR requirements and not hinder them.
Sales Director Natterbox, Board Member Cloud Industry Forum
The Romanian version of this article was published in GDPR Ready Catalog, Bucharest, November 2017