, , ,

GDPR and the cloud: What you need to know

GDPR and the cloud: What you need to know

Written by David Linthicum

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to unify data protection for all in the European Union (EU).  Additionally, they also address the export of personal data outside the EU, which is where international cloud users are getting concerned. 

GDPR includes aspects that address what data is being housed and where, how it is secured and the flow of how users access and use it.  As enterprises embrace public clouds and thus store data in diverse environments, there is a need to understand the regulatory and legal considerations of each aspect.

So, what do you need to know?

First of all, GDPR defines several roles that include the data controller, data processor, and data protection officer (DPO).  These are important when considering compliance in and outside of the country where the EU residents’ data resides.

The data controller defines how personally identifiable information (PII) is processed and for what purpose.  You can think of them as governance by humans who enforce predefined policies and procedures. 

Data processors maintain and process personal data records.  This may not be the best job in the world since the GDPR holds processors liable for breaches. This is important when considering the use of cloud-based platforms because it’s possible that both your company and cloud providers will be held liable for noncompliance.

The DPO is a mandated role for any company that stores and processes EU residents’ data. It’s the designated person to educate the company leveraging cloud (or not) to ensure GDPR compliance.  Also another un-fun job.  They are the contact point for regulators if there are concerns or violations.  In other words, they reach out to you first with the bad news. 

The core question is: How do the new GDPR regulations affect cloud computing in my world?   

It’s really not that big of a deal, as long as you put the processes and people in place in order to be compliant.  Like anything else compliance-related, it’s going to cost money and time, and it does add some risk. 

The application of the GDPR regulations are somewhat similar to the application of GDPR onto traditional on-premises systems.  You’ll likely use the same people, processes, and tools across both public cloud and traditional systems. 

However, cloud computing does add some complexity because we need to partner with our public cloud computing provider to ensure GDPR compliance.  The good news is that most public cloud providers have had years to prepare and are ready to provide compliance processes and resources.  The bad news is that issues are likely to arise as both sides get used to GDPR.  It’s another regulation that businesses need to address and worry about.

Remember to Subscribe to our Youtube Channel for the Latest Cloud Computing Tech Jobs, News, and Cloud Shows.


David S. Linthicum is a managing director and chief cloud strategy officer. David is internationally recognized as the worlds No.1 cloud computing industry expert, pundit and thought-leader.

(Disclosure: David Linthicum’s views in the blogs, video shows and podcasts are his OWN and are NOT financially sponsored by Nelson Hilliard)

Connect with David on LinkedIn and Twitter

At Nelson Hilliard we specialise in cloud technologies, sourcing the top 20% of cloud professionals inspired to work for you through our specialised marketing and profiling. If you are interested in having a quick talk to me regarding your employment needs please feel free to reach out.

You can also check my availability and book your 15 minute discovery call here.

Brad Nelson