Five Steps To Keeping Your Cloud GDPR Compliant

 

 

 

1. Know the physical location of your cloud app providers that are involved with data collection, analytics or storage. If any of these apps are being hosted in an EU country, you’re already qualified for GDPR compliance.

2. Enact a new data agreement with your existing cloud apps concerning personal data. Make sure that every app you do business with is able and willing to change its agreement with you that it will adhere to all GDPR regulations. If these apps refuse to upgrade their terms of service with you, it’s time to find a new provider.

3. Ensure that you and the apps you use are only collecting ‘necessary’ data. For instance, if you are only collecting IP addresses on your website to see where visitors are coming from, there’s no need to ask them to fill out a survey recording their names, addresses and personal identification numbers.

4. Ensure that your apps are only collecting data for a specific purpose and not using it for anything else. How many times have you filled out a form on a website and started getting four new spam emails every day on related products? That will be illegal under the new GDPR law unless each app specifically says so in its data processing agreement and the individual agrees to it. Otherwise, sharing or selling data belonging to EU citizens to third parties is out the window. 

5. Make sure data used in an app can be erased as soon as your contract with that app ends. No app should be hanging on to your data ‘just because’ once your contract ends. Similarly, you shouldn’t have data laying around that’s not being used, because the risk of it being hacked grows every day that it’s just sitting on your server. Hacks, breaches and plain old accidental exposures happen every day. Limit the amount of data to only what you absolutely need to make your business work. 

 

The adoption of the GDPR standards is likely to be a painful one for many companies. Multiple surveys taken over the past year have proven that a majority of firms are not ready for the change and don’t have the proper tools in place to get there. 

While the powers that be might give some leeway as companies make the transition, getting there first can have a major impact on the future strength of your company.

 

 

This broad data protection plan has high stakes for an overwhelming number of businesses around the globe. It is a powerful voice for the rights of people’s online identity and a realisation of how valuable personal data is.

 

 

Individuals will have the right to challenge how companies build up profiles about them and will need to give consent before companies are able to get data and use it in certain ways. Individuals also have the right to challenge a business’s right to store their data. If the business cannot show a real reason to hold on to the data, the individual can request that it is deleted. 

 

Businesses failing to notify authorities of a breach can be fined up to €10 million ($12.3 million) or 2 percent of the company’s profit. Intentional or negligent violations can see a fine up to €20 million ($24.6 million) or 4 percent of the company’s profit.

What Kind of Businesses Are Affected by the GDPR?

 

• Any company that falls under the following criteria will need to be in compliance with the GDPR come May 25.

• Companies that sell goods/services to EU citizens.

• Companies that employ EU residents.

• Companies that operate websites that use cookies or other means to monitor people and traffic from the EU.

• Companies that collect any data about EU citizens.

• Companies using cloud technology that uses apps, data centers or servers located in the EU.

 

 

Information Management: 

 

 

GDPR – Two Thirds of Organisations Aren’t Ready:

 

Delve Into GDPR - Questions & Answers: