Given the large scale impact of this new regulation, the EU administration have released the requirements already, to give businesses, public agencies and citizens time to adapt already today and some time before it becomes actually legally binding.

 

GDPR, a Key topic for 2017 and 2018

The announcement of this new regulation caused lots of noise in the market and relevant IT media. The main challenge of course is, that not every business in Europe is compliant even with today’s regulations we have. With the General Data Protection Regulation – in short: GDPR – raising that bar quite a bit, more work for CIO’s and CISO’s is coming up; and even a CEO may well have to get involved. The topic has a significant business impact. No Europe based company can afford to ignore it and neither does any company servicing European customers from the USA or Asia.

Given the importance of this matter to our customers, our partners and ourselves we decided to dedicate a small series of blog posts to it. We want to reflect the core requirements expressed in the GDPR that are relevant in the public cloud context. We will also talk about how we, as a provider of managed cloud services and consultancy to a multitude of businesses across Europe, are affected by it and what we do to remain compliant. Most importantly though, we will talk about the impact to our customers and how they can make sure they are compliant at all times. As always, we’re here to help and guide you towards a secure future in using cloud services.

 

The Public Cloud and GDPR

When new security and data protection standards are released anywhere in the world, they have a lot of impact on the IT parts of a business especially. Hence, in the context of public cloud services, we see a huge attention of both customers and cloud providers alike. Although it will be discussed in a dedicated blog post in more detail, we want to give you a quick overview on the state of affairs in the public cloud market as of today:

The large players like Amazon Web Services or Microsoft Azure have already implemented a strong set of actual measures to comply with the GDPR today – have a look at their statements:

here: https://aws.amazon.com/compliance/eu-data-protection/
and here: https://www.microsoft.com/en-us/trustcenter/privacy/gdpr#enterprise-product/
There are non-binding GDPR Code of Conducts that cloud businesses can comply with to show that they are adhering the regulation already today – check out the most relevant one, CISPE, here: https://cispe.cloud/

 

GDPR is not (just) about Technology

No matter where your cloud or hosting provider stands today, you should look at their current degree of compliance to the GDPR and most importantly, you have to make sure they allow your business to remain compliant to your customer expectations in the post May 2018 time. The compliance of your business to regulations is your responsibility, not that of your IT providers.

Our goal is to increase awareness around GDPR holistically and how it applies to our readers, irrespectively of who they are. That means we don’t focus purely on the technical, but also on the process and organisation side of the challenge at hand. Data Protection is certainly a technical topic when it comes to implementing defence mechanisms. But without understanding the legal and regulatory background, you will just be buying tools. We are looking at things end-2-end and will guide you towards the right setup for your business and customers.

At Nordcloud, we want you to get the most out of the public cloud. We will help you and your compliance teams understand the requirements of the GDPR and guide you towards a compliant future in the cloud. Look out for our follow-up blog posts that are going to be released on a weekly basis during the summer time.