Can EU General Data Protection Regulation Compliance be Achieved When Using Cloud Computing

Bob Duncan

Research output: Chapter in Book/Report/Conference proceedingPublished conference contribution

Abstract

The forthcoming EU General Data Protection Regulation (GDPR) will come into effect across the EU on 25th May 2018. It will certainly be the case that a great many companies will be inadequately prepared for this significant event. While a great many companies who use traditional in-house distributed systems are likely to have a hard enough job trying to comply with this new regulation, but those businesses who use any form of cloud computing face a particularly difficult additional challenge, namely the Cloud Forensic Problem. It is not enough that cloud use presents a far more challenging environment, but that the cloud forensic problem presents a far more difficult barrier to compliance. This problem arises due to the fact that all computing systems are constantly under serious attack, but once an attacker gains a foothold in a cloud system and becomes an intruder, there is very little to prevent the intruder from helping themselves to any manner of data covered by the GDPR, either by viewing it, modifying it, deleting it or ex-filtrating it from the victim system. Worse, there is nothing to prevent the intruder from gaining sufficient privileges to then completely delete all trace of their incursion, possibly deleting far more records than they need to in the process. We address exactly what the requirements of EU GDPR compliance are, consider whether this can be done without resolving the Cloud Forensic Problem, and propose some approaches to mitigate this problem, and possibly the massive potential fines that could then be levied.
Original languageEnglish
Title of host publicationCLOUD COMPUTING 2018 : The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization
EditorsBob Duncan, Yong Woo Lee, Aspen Olmsted
PublisherIARIA
Pages1-6
Number of pages6
Publication statusPublished - 20 Feb 2018
EventThe Ninth International Conference on Cloud Computing, GRIDs, and Virtualization - Barcelon, Spain
Duration: 18 Feb 201822 Feb 2018

Publication series

NameCloud Computing 2018
PublisherIARIA

Conference

ConferenceThe Ninth International Conference on Cloud Computing, GRIDs, and Virtualization
Country/TerritorySpain
CityBarcelon
Period18/02/1822/02/18

Keywords

  • EU GDPR
  • Compliance
  • Cloud Computing
  • Cloud Forensic Problem

Fingerprint

Dive into the research topics of 'Can EU General Data Protection Regulation Compliance be Achieved When Using Cloud Computing'. Together they form a unique fingerprint.

Cite this