GDPR Cloud computing impact is considerable: this week we discuss data protection implications with the Cloud business community in Zagreb.
I am happy and grateful to EEL Events and their brilliant team to appear again at the Zagreb SEE Cloud Computing Forum 2016. The timing is great because a lot has changed since the 2015 event: European legislators have passed General Data Protection Regulation (GDPR) and the Safe Harbour has been replaced with the EU-US Privacy shield.
So what does that mean for Cloud-based businesses and their users? When comparing GDPR to the current Data Protection Directive regime, key GDPR Cloud impact can be summarised as follows:
- data protection impact assessment requirements in relation to new Cloud, IoT or Big Data technologies
- the appointment of a Data Protection Officer
- risk management in relation to personal data breach and the notification requirements thereof.
If the Cloud service comprises personal data storage and processing in the US, Cloud providers and their clients will further need to comply with the EU-US Privacy Shield, a new trans-Atlantic privacy and data protection agreement.
The above requirements are likely to affect both Cloud solutions providers, in most cases as data processors, and their clients, most likely in their role of personal data controllers.