GDPR is just around the corner…

Start Your Business

Will your cloud services be compliant?

There are fewer than 60 days before the GDPR compliance deadline. By Friday 25 May 2018 organisations must be able to demonstrate that they are compliant or show evidence that they are working towards being able to satisfy the Articles that will govern data protection for the foreseeable future. So, with the deadline in mind, where should businesses be right now in the process of ensuring cloud workloads will be compliant with GDPR?

Finalising Controller/Processor contracts

Organisations that originate the collection of personal data (Data Controllers) and operate in a cloud environment must be able to give evidence that the data they have gathered is protected as far as possible in all instances of transit, storage and processing. It’s commonplace for organisations to use a chain of third parties to host and process data – the cloud being an obvious example. As a Data Controller you should now be at the final stages of formulating the contracts that will commit your Data Processors (such as your cloud hosting service) to handling your data to your defined standards of security, geographic location and access required by the GDPR.

Part of this should include setting up a system of audit to actively monitor your Data Processors and ensure that they are continuously meeting your GDPR requirements. This oversight should include visibility into the activities of your Processor through review of policies and defined audits, insight into any sub-processed functions that the Processor may be performing, and assurances that those sub-processed activities are themselves compliant with the Controller’s needs. It’s also important that the contract identifies the types of personal data that will be in scope, the audit bodies that have been agreed upon, and the procedure for informing the Controller if the Processor suffers a breach of the data or of the terms under which it is being processed.

Your Data Processors should be fully engaged with you at this stage, demonstrating through their own compliance procedures how they align with what you need to ensure you meet your GDPR obligations.

Educating the organisation on its data protection responsibilities

The GDPR is much more than a tick-box compliance exercise that can be contained within audits and contracts. It requires a full commitment by every organisation to build data protection into its culture and all aspects of its operations, from Support through Accounting to Product Development. The GDPR is not specific to IT; it must permeate all aspects of the organisation so that this culture is built.

By now your employees should be aware of the impact of the regulation changes on their daily work processes and responsibilities. Departments will be affected in different ways and to different degrees: some will have been living and breathing the regulation for several years, while for others it may be new. But being data protection-aware is no longer optional; it’s critical and regulated. An ongoing programme of education – from induction through regular refresher sessions – is essential. Part of this process should include furnishing employees with their own data privacy notice, informing them of the way in which their employer will manage and safeguard their personal information. This will help make data awareness relevant for everyone from the Chairman of the Board to the customer service team and beyond.

Wrapping up data mapping, risk and access reviews

By this stage, you should know what data you hold, why you hold it and where it’s located. You should have established the level of risk associated with that data, the levels of access permitted to the data in the course of operations, and mechanisms to measure and oversee the effectiveness of those activities. The flow of data through your organisation should be clearly understood, and systems should be in place to identify any changes in data flow that might cause elevated data risk. Modifications to applications, services or procedures should be evaluated through the PIA and DPIA processes noted within GDPR and overseen by your organisation’s Data Protection Officer (DPO). Linkage between your DPO and your Processor’s DPO should be in place at this stage, with processes to ensure that Data Subject queries are handled in the correct manner and that programme oversight is functioning correctly.

Data protection impact assessments (DPIAs) should have uncovered any high-risk data, and strategies should be under development to mitigate that risk to an acceptable level. The level of access employees have to data should also have been reviewed, with the principle of limiting access to the minimum number that is required for operations.

Locking the doors on EU data stores

The separation and restriction of EU citizens’ data, plus confirmation of its secure geographic location, should be in its final stages. This ties in with the point above about data controllers and processors and is particularly relevant to the cloud. Controllers need to know that data pertaining to EU citizens is locked down to that geography and will not be inadvertently accessed by staff from other territories. Processors must commit contractually to meeting and sustaining that requirement. For entities that utilise cloud services, it is important that you verify that the proper legal data transfer mechanisms are in place as well. If your Data Processors are not actively engaging with you on this and all other issues relating to data protection by this stage, you need to start asking questions.

Appointing and embedding the Data Protection Officer

If your organisation is a public body, systematically monitors data subjects on a large scale, or handles special categories of protected data, you must employ a Data Protection Officer (DPO) who reports to the highest level of the organisation. By now your DPO should be in position, fully resourced and supported to lead your GDPR compliance programme.

Even if you do not officially need to appoint a DPO under the terms of the regulation, you will need to ensure that you have sufficient staff with designated responsibility for ensuring compliance. There appears to be a shortage of qualified data protection specialists in the UK at the present time, which is not surprising. One alternative is to consider appointing a third party specialist to assist in your GDPR compliance activities.

As we approach the run-in to zero day, these are the kinds of activities that should be well under way for businesses that are on track. As a Data Processor for our customers, iland is working closely with them to ensure that they know just how we will fulfil our side of the deal with robust security, audit and management. For organisations that are less well-prepared, the key at this stage is to be able to demonstrate that you are at least working towards compliance.

Remember, 25th May is just the start of a continuous commitment to improving data privacy for everyone. The work will continue, and we’re looking forward to being a key part of that for our customers and partners.

Start Your Business April 18, 2018