With GDPR coming into force later this month, security and compliance will be the top-most priority for any cloud deployment that contains personal data of EU citizens.
While leading providers have moved to make their platforms and services compliant, ensuring compliance requires more than just technology. Companies will also need to invest time and resources to prepare internal cloud teams to correctly and effectively design secure, auditable, and traceable cloud solutions that also meet the demands of your business. Here are 4 steps to get your cloud deployments GDPR ready for compliance.
#1 Make sure your cloud partners are GDPR compliant
In the cloud, the entire security framework operates under a shared responsibility model between the provider and the customer.
From an infrastructure perspective, the cloud service provider is responsible for providing a secure cloud environment, from their physical presence to the underlying resources that provide compute, storage, database, and network services.
Customers who import data and utilize the provider’s services are responsible for using them to design and implement their own security mechanisms such as access control, firewalls (both at the instance and network levels), encryption, logging, and monitoring.
Under GDPR, both customers (as controllers who define how and why personal data is collected) and cloud providers (as processors who manage, process, or store personal data on behalf of the controller) must be compliant.
To date, AWS, Google Cloud, Microsoft Azure have announced their compliance (in the case of AWS) and of their commitment to GDPR (Google and Microsoft) by the May 25 deadline.
Enterprises should make sure that their cloud partners and any third party that processes, manages, or stores personal data of EU citizens on their behalf have the proper compliance and controls in place.
#2 Audit your systems for personal data
Personally identifiable information (PII) as defined by GDPR includes a range of data types, from