Monday 5 February 2018

Great advice on GDPR and Cloud providers

Key points

Risks
  1. Make a list of the personal data you hold and how it will be processed in the cloud.
Confidentiality

  1. Can your cloud provider provide an appropriate third party security assessment?
  2. Does this comply with an appropriate industry code of practice or other quality standard?
  3. How quickly will the cloud provider react if a security vulnerability is identified in their product?
  4. What are the timescales and costs for creating, suspending and deleting accounts?
  5. Is all communication in transit encrypted?
  6. Is it appropriate to encrypt your data at rest?
  7. What key management is in place?
  8. What are the data deletion and retention timescales?
  9. Does this include end-of-life destruction?
  10. Will the cloud provider delete all of your data securely if you decide to withdraw from the cloud in the future?
  11. Find out if your data, or data about your cloud users, will be shared with third parties or shared across other services the cloud provider may offer.
Integrity

  1. What audit trails are in place so you can monitor who is accessing which data?
  2. Make sure that the cloud provider allows you to get a copy of your data, at your request, in a usable format. How quickly could the cloud provider restore your data (without alteration) from a back-up if it suffered a major data loss?
Availability
  1. Does the cloud provider have sufficient capacity to cope with a high demand from a small number of other cloud customers?
  2. How could the actions of other cloud customers or their cloud users impact on your quality of service?
  3. Can you guarantee that you will be able to access the data or services when you need them?
  4. How will you cover the hardware and connection costs of cloud users accessing the cloud service when away from the office?
  5. If there was a major outage at the cloud provider how would this impact on your business?
Legal

  1. Make sure you have a written contract in place with your cloud provider. How will the cloud provider communicate changes to the cloud service which may impact on your agreement?
  2. Which countries will your cloud provider process your data in and what information is available relating to the safeguards in place at these locations?
  3. Can you ensure the rights and freedoms of the data subjects are protected?
  4. You should ask your cloud provider about the circumstances in which your data may be transferred to other countries. Can your cloud provider limit the transfer of your data to countries that you consider necessary?

See more at
https://ico.org.uk/media/for-organisations/documents/1540/cloud_computing_guidance_for_organisations.pdf
Make sure you take necessary measures before downloading anything from the internet!

TimHJRogers

+447797762051 Skype: timhjrogers TimHJRogers@gmail.com
#projects #process #change #gdpr
