- Make a list of the personal data you hold and how it will be process ed in the cloud.
- Can your cloud provider provide an appropriate third party security assessment?
- Does this comply with an appropriate industry code of practice or other quality standard?
- How quickly will the cloud provider react if a security vulnerability is identified in their product ?
- What are the timescale s and costs for creating, suspending and deleting accounts?
- Is all communication in transit encrypted?
- Is it appropriate to encrypt your data at rest?
- What key management is in place?
- What are the data deletion and retention timescales?
- Does this include end - of - life destruction?
- Will the cloud provider delete all of your data securely if you decide to withdraw from the cloud in the future?
- Find out if your data, or data about your cloud users will be shared with third parties or shared across other services the cloud provider may offer.
- What audit trails are in place so you can monitor who is accessing which data ?
- Make sure that the cloud provider allows you to get a copy of your data, at your request, in a usable format. How quickly could the cloud provider restore your data (without alteration) from a back - up if it suffered a major data loss?
- Does the cloud provider have sufficient capacity to cope with a high demand from a small number of other cloud customers?
- How could the actions of other cloud customers or their cloud users impact on your quality of service?
- Can you guarantee that you will be able to access the data or services when you need them?
- How will you cover the hardware and connection costs of cloud users accessing the cloud service when away from the office?
- If there was a major outage at the cloud provider how would this impact on your business?
- Make sure you have a written contract in pl ace with your cloud provider . How will the cloud provider communicate changes to the cloud service which may impact on your agreement?
- Which countries will your cloud provider process your data in and what information is available relating to the safeguards in place at these locations?
- Can you en sure the rights and freedoms of the data subjects are protected?
- You should ask your cloud provider about the circumstances in which you r data may be transferred to other countries. Can your cloud provider limit the transfer of your d ata to countries that you consider necessary.
See more at
Make sure you take necessary measures before downloading anything from the internet!
+447797762051 Skype: timhjrogers TimHJRogers@gmail.com
#projects #process #change #gdpr