Title: GDPR-compliant cloud
Author: elsiesilver41
Time: 2024-8-9 02:24

An important step we should take after deciding to use the cloud is to verify:
who is the provider of a given solution – i.e. which entity will formally provide us with services that enable us to use the cloud,
whether such a supplier meets the requirements arising from the provisions of the GDPR, e.g. in terms of meeting security requirements.
Where does the second requirement come from? If, as part of a cloud service, we process (e.g. store) personal data of our customers, employees or other persons for whom we are the data controller, the cloud service provider will usually be the so-called processor.
This requires that both the administrator and the processor meet several additional obligations arising from the provisions of the GDPR. The first step is for the client-administrator to check whether the cloud provider is even suitable to receive any data.
The Controller should use the services of a cloud service provider (processor) that provides sufficient guarantees for the implementation of appropriate technical and organisational measures so that the processing will meet the requirements of this Regulation and protect the rights of data subjects – Article 28 paragraph 1 of the GDPR.
obtaining information about what security measures are used by the cloud service provider and what procedures they have adopted in this regard (e.g. by asking to complete a questionnaire with questions to determine what security measures the provider uses and which they do not use),
checking whether the processor has not previously experienced any serious situations that would result in a breach of data security.
How this obligation is fulfilled generally depends on the administrator. Therefore, we do not necessarily have to use the solutions indicated above - we can always use some alternative method.
It is also important who the supplier is and how they provide information that allows them to meet the requirements of the GDPR – let's be honest, trying to audit an international supplier before we have even become their customer can be a difficult task. Such suppliers often have standardized information on how they meet the requirements of the GDPR and provide it to potential customers.