EU data protection law has implications for the cloud


Data privacy has been a hot topic lately, particularly as organizations shift toward online database software for managing consumer information. The European Union recently proposed a data protection law that mandates organizations follow privacy standards. For example, one of the law’s provisions requires companies with more than 250 employees to appoint a data protection officer. Although the law may have widespread implications, Network World columnist Ellen Messmer recently suggested it could also bring a number of challenges to cloud adoption in European countries.

The law’s cloud-related provisions are designed to improve transparency among service providers. Messmer noted, for example, that providers will be required to detail in the contract where they will store an organization’s data. The legislation’s supporters have said that customers should be able to “visit their data,” but critics worry that it may be difficult for cloud companies to fully implement the law’s requirements.

Organizations in the United States have also faced a shifting climate with regard to cloud contracts. As Messmer noted, the U.S. government’s FedRAMP program was designed to streamline cloud provisioning for federal agencies. However, it also established a strong set of security considerations.

“These include practices for incident response in the cloud, forensics in a highly dynamic environment, threat detection and analysis in a multi-tenant environment, and continuous monitoring for remediation, among other things,” Messmer wrote. “One FedRAMP idea is that service providers must be prepared to report security incidents of many types to the U.S. CERT and the government agency that might be impacted.”


Subscribe to TrackVia’s Blog