More and more enterprises are moving to the cloud. This can have big advantages for an enterprise: it also allows for a better optimization of IT resources because cloud solutions are almost unlimited scalability and have a great flexibility. All at a contained cost.
The EU GDPR is a new, comprehensive data protection law that goes into effect on May 25, 2018. It applies broadly to organizations based in the EU and elsewhere that collect and process the personal information of individuals residing in the EU.
Cloud Infrastructure is an Infrastructure as a Service (IaaS) product in which responsibility for security is shared between the Cloud Infrastructure and the customer.
Enterprises need scalable, hybrid cloud solutions that meet all their security, data protection, and compliance requirements. To meet this need, developed Cloud Infrastructure, offers customers a virtual data center in the cloud that allows enterprises to have complete control with unmatched security.
Cloud Infrastructure offers best-in-class security technology and operational processes to secure its enterprise cloud services. However, for customers to securely run their workloads in Cloud Infrastructure, they must be aware of their security and compliance responsibilities. By design, it provides security of cloud infrastructure and operations (cloud operator access controls, infrastructure security patching, and so on), and customers are responsible for securely configuring their cloud resources. Security in the cloud is a shared responsibility between the customer and the provider. Likewise, privacy compliance is also a shared responsibility between provider and customer.
The GDPR defines three key actors: if you want to know more about the GDPR compliance check it here: https://www.novatel.bg/ready-set-gdpr/
Data subject: An individual whose personal data is gathered and processed by the controller
Controller: An entity that determines the purposes and means by which the data is processed
Processor: An entity that only processes data at the controller’s command
Customer account information: Information needed to operate the customer’s Cloud Infrastructure account. This information is primarily used to contact and bill the customer.
Customer services data: Data that customers choose to store within the Cloud Infrastructure, which may include personal information gathered from data subject users.
GDPR compliance is complex in the cloud. Businesses that use cloud services have to ensure that the data practices at each of them are compliant with GDPR.