If your company is based in Europe or you store data on EU residents, there are some privacy regulations you have to follow or risk fines. Using cloud apps can expose you to additional compliance risk if not managed properly.
3. The average company uses 738, in fact
Click here to learn more
cloud adoption statistics
4. And if you meet one of these conditions you have
some EU regulations you need to follow:
Office in
Europe
Data passes
through Europe
Hold data on EU
residents
10. Norway
Personal Data Act of 2000
United Kingdom
Data Protection Act of 1998
Netherlands
Personal Data Protection Act
France
Data Protection Act Italy
Personal Data Protection Code
Switzerland
Federal Data Protection Act
Germany
Federal Data Protection Act
Denmark
Act on Processing of Personal Data
Sweden
Personal Data Act of 1998
European Union
Data Protection Directive
General Data Protection Regulation
11. They all concern personally
identifiable information
Personal information [pur-suh-nl in-fer-mey shuh n]
Any information that could be (even if it is not currently)
linked to a living person including: name, date of birth,
phone number, address, credit card number, political
persuasion, ethnicity, union membership, and
computer IP address.
12. Most of the legal responsibilities fall on data controllers. In
other words, companies like you that use cloud services
Data Controller (user of the cloud service)
Data Processor (cloud service)
13. First off, many regulations require you to notify
individuals and receive their consent before
storing or using data about them
14. You generally cannot transfer personal data to
countries outside the EU that do not have
equivalently strong data protection laws
Andorra Argentina Canada
Faroe Islands Guernsey Isle of Man
Israel Jersey New Zealand
Switzerland Uruguay
Right now that’s every country except:
15. But in some cases it’s okay to transfer data to the US
if the cloud provider is Safe Harbor certified
16. Every other country in the world is off limits for
transferring data
That can be problematic since you may not have
control over where a provider stores your data
19. Don’t expect the cloud provider to be
responsible for reporting breaches, many of
their default terms and conditions make the
customer responsible for detecting breaches
20. Sounds like I’m stuck between a rock and a
hard place. Isn’t there a loophole?
21. Well, if you encrypt the data using your own
encryption keys you are exempt from some
breach notification rules
22. But European privacy laws still require you to
take steps to protect personal data, including:
Strong
passwords
Secure
workstations
Information
security training
23. For more information on what each law
requires, download the cheat sheet
Download Now
European Regulations
That Impact Cloud Usage
http://bit.ly/EUregulations