Review Of Regulations Around Data Hosted In The Cloud
Cloud computing has transformed the way companies are organized, giving easier and better-organized access to data and SaaS applications. However, every coin has two sides, and the Cloud also has some drawbacks, especially regarding governance and data security. This is why various regulations have recently been put in place to better govern the security of data hosted in the Cloud.
The Cloud: New Challenges, New Risks
For many companies, cloud computing is a boon: on the one hand, it allows savings on the purchase of equipment and licenses; on the other, it simplifies processes and organization. By improving accessibility to data and SaaS applications, the Cloud promotes remote work and better collaboration between different teams.
Quick and straightforward to set up, it gives businesses access to tools that were previously impossible for them to buy. And where security was once an issue, it has been dramatically improved in recent years, so much so that the Cloud is now used to protect data and ensure the security of software tools. However, loopholes still exist, hence the need for many countries to adopt new regulations. Their objective? To keep improving the security of data hosted in the Cloud.
The GDPR: Regulation Of Personal Data In The EU
The GDPR, or General Data Protection Regulation, aims to regulate the processing of personal data throughout the European Union. Regardless of its size, nationality, and sector of activity, each organization is affected by the GDPR when it handles personal data stored in the Cloud.
GDPR Rules For Businesses
The GDPR has put in place several rules to be observed by companies that collect and process data:
- Transparency of data processing: the use made of data must be indicated to users.
- Controlled data collection: only the data essential to the proper functioning of the company should be collected.
- Retention period: the length of time data is kept must be limited.
- Data security: data stored in the Cloud must be secured using powerful tools.
GDPR Rules For Processors
Communication and marketing agencies, IT security companies, hosting companies, maintenance companies, software integrators, and digital service companies are particularly affected. All must:
- Provide advice to their clients on how data is collected and processed;
- Keep a record of the activities carried out;
- Appoint a data protection officer (in some instances only).
Implementing the General Data Protection Regulation has made it possible to offer professionals a valuable legal framework and to harmonize data protection rules.
The Cloud Act: Regulation Of Personal Data In The United States
Created in the United States in 2018, the Cloud Act corresponds to a set of laws directly opposing the regulations set out in the GDPR. While the objective of the GDPR is to protect the privacy of consumers through a set of measures governing the collection and processing of personal data, the Cloud Act allows the United States to use the personal data of foreign individuals freely. All companies of American nationality or based on American soil are affected. The laws enshrined in the Cloud Act allow free access to personal data stored in the United States and abroad.
Concretely, the Cloud Act allows any organization to transfer personal data to the American authorities without delay or opposition, and without the person concerned by the data even being notified.
Regulations Around Data Hosted In The Cloud By Sector
Health data in particular is subject, and rightly so, to very restrictive regulations. European regulations require that all stored data collected during activities such as care, follow-up, or diagnosis be certified or approved.
Like health data, personal data related to finance is sensitive. The financial world has long shied away from public cloud services, fearing security breaches. Today, more and more banks are venturing into storing their data in the Cloud in compliance with banking regulations. They use a hybrid approach, carefully choosing which data is stored in the Cloud and which is stored traditionally.
Hosting Personal Data In The Cloud: Changing Regulations
The regulations related to the hosting of personal data in the Cloud are constantly evolving, and for good reason: the risks are also evolving. The use of cloud services from US providers is now being questioned and could soon become illegal. The implementation of several security measures could become a new condition for companies to have the right to store their data in the Cloud: segregation of data between different cloud providers from other countries, data encryption through complex techniques, and pseudonymization of data. These measures are difficult to put in place but could soon become essential in the fight against cybercrime, among other problems.