GDPR Compliance Presents Business Opportunity to Proactive Cloud Firms – The VAR Guy

Brought to you by Talkin' Cloud

Businesses have over a year before the EU's General Data Protection Regulation (GDPR) goes into effect in May 2018, but experts say it's not too early for cloud providers to start thinking about how they will comply.

In an interview with Talkin' Cloud, Patrick Lastennet, Interxion's director of marketing and business development, says that cloud providers should start evaluating their systems and processes now to ensure they protect data adequately under the new regulation. Interxion, a European provider of colocation services, is watching the issue closely as its clients turn to the company to provide compliance guidance.

GDPR, which will start being enforced on May 28, 2018, has a broader scope than the current 95/46/CE Directive, and will mean that more companies headquartered outside of the EU will have to comply with European data protection rules. A study released in July found that European businesses are still fairly unprepared for the new data privacy regulation.

Lastennet says that the scope of the new regulations is significant, and will impact cloud service providers of all sizes.

"It's a big deal because we've moved at the European level from a directive to a regulation," he says. "With a directive there's some scope of interpretation by country and it's not necessarily always punitive; here the regulation means the same law gets passed into every European country."

"Another very important principle is that it places the burden of proof on the organizations, whereas previously individuals had to prove they'd been impacted by personal data misuse or breaches," he says. "The organizations need to essentially prove that they've done all the right things to protect the data."

Under the GDPR, technical identifiers like IP addresses are considered personal data, which means cloud providers should look at their systems and review their processes around how this type of data is protected.

Brexit, and the political climate around the globe, may make data protection rules more complicated.

"Data transfer outside of the EU is a really hot topic," Lastennet says. "You're entitled to transfer data to countries which are adequate with European protection regulation and it gets a bit tricky; the process by which countries are deemed adequate is really at the discretion of the governments."

"Whether the U.S. becomes adequate or not is largely depending on political forces interfering there," he says.

Compliance with regulations such as GDPR is a key reason cloud providers have rolled out compute and storage within the EU.

"The trend started with Ireland and Amsterdam to a certain extent and then everyone went to Germany, which has got the strictest data protection rules," he says. "Then we see all these cloud providers go to other areas like France and Spain, and also gateway cities like Vienna and Stockholm, as well as cloud providers deploying locally."

"We've seen other European cloud providers argue that no matter what the data must reside in the country and I think that angle is not going to work because you don't necessarily have to have all data localized within the country where it's been sourced," he says.

Cloud providers who take a more proactive approach to compliance will gain a competitive advantage, according to Lastennet.

One of Interxion's customers, a European OpenStack cloud company called City Cloud, is offering compliance as a service to its customers.

"There is an opportunity for cloud providers who do the legwork with the regulation and tell the customers, 'look, with me, you've got a one-stop shop,'" he says.

Other cloud providers such as Amazon Web Services or SoftLayer are offering encryption tools to their enterprise clients to help with compliance.

"Enterprises will typically use the cloud to run applications and store data, make sure that everything is encrypted within the cloud, but the management and the key custody is actually completely disassociated from that cloud environment," Lastennet says.

In its own data centers, Interxion typically sees clients host a couple of HSMs (devices that protect encryption) and then use its Cloud Connect secure connectivity to connect back to their application in the public cloud.
