As businesses and organisations around the world move towards cloud computing as part of the digitalisation process, safety and privacy concerns loom large. Cloud server hosting is advantageous in many ways, with numerous points of integration into the functional setup. It practically ensures unlimited scalability; data optimisation across diverse geographical locations is significantly smoother, and the controller exercises great flexibility in storing and accessing their data.
A cloud service provider handles a diverse set of data from multiple clients, some of which may be sensitive. It processes this data and stores it on its servers on behalf of the controller (the individual or organisation availing of its service). There are some privacy and data protection concerns that the European Union has recently tried to address with the General Data Protection Regulation Act of 2018.
GDPR: What is it and why should cloud server parties care?
The GDPR is a set of regulations and guidelines that aims to protect the private data of individuals and organisations. Data protection has emerged as a veritable cause for concern, with data theft and privacy making headlines throughout 2018 and 2017.
Even big players in the technology field, such as Sony and Adobe, have fallen prey to cybercriminals. Over the past 2-3 years, sensitive information of millions of individuals, both personal and financial, has been leaked. The Equifax breach that affected over 143 million Americans in 2017 is still fresh in the minds of everyone.
In this context, the GDPR is a significant step that ensures that user data is not compromised in any way. Cloud server companies have to comply with the GDPR guidelines or face severe consequences in the form of fines or cancelled licenses.
There are many aspects of the GDPR that relate to cloud server hosting services, some of which are mentioned here.
GDPR states that the host should not store data longer than necessary. There should be a pre-defined time limit that the controller and service provider agree upon. After the completion of that period, they should delete the data from all sources, including backups.
Data sovereignty forms an integral part of the GDPR. It mandates that all data of citizens residing within the EU be stored within the area that falls under its jurisdiction. In exceptional cases, data can be stored outside the EU’s jurisdiction. However, the host nation has to have similar data protection regulations.
As per the GDPR, controllers should be able to access their data in a computer-readable and structured format. Data deletion should also be permissible, but only on express request from the owner.
Data breach response
The GDPR also mandates that service providers have to notify the controller of any data breach with a guaranteed minimal delay in response time. The two parties must frame a data breach event and response strategy from the outset.
The EU aims to protect users from data piracy and other cyber threats on cloud server hosting with these rules and regulations. Although there are many challenges going forward with its implementation, it’s a welcome step towards data protection.