Risk management for cloud compliance with the EU general data protection regulation

Bob Duncan, Yuan Zhao

Research output: Chapter in Book/Report/Conference proceedingPublished conference contribution

3 Citations (Scopus)

Abstract

Many cloud users are oblivious to the potential regula¬tory risks facing them should they be unable to comply with the EU General Data Protection Regulation (GDPR). As a result of one of the last minute changes to the GDPR last year, whereby instead of requiring reporting of a breach 'within 72 hours of the occurrence of that breach', it was changed to 'within 72 hours of discovery of a breach'. Until this subtle shift in the regulation took place, a great many companies were very focussed on cutting the time between breach and discovery. Now, a great many companies, both large and small, have breathed a huge sigh of relief, and stopped working on cutting down this time. Another change to the regulation extended the jurisdiction of the regulation from data processors located anywhere in the whole of the EU, to any data processor processing the data of any EU resident, anywhere in the world. Of course, this is only an issue if a breach takes place, but as this is no longer a case of if, but when, then companies would do well to be prepared for this inevitable certainty. For those companies who use cloud, there are additional considerations which must be taken into account, due to the Cloud Forensic Problem. This paper considers how companies should address many of the unexpected risks associated with the use of cloud in their organisations, and considers how they should go about monitoring their systems in order to get a much faster idea of who is getting into their systems, and understanding the full extent of the risks involved. Failure to comply brings serious consequences with it. Fines for a single breach can rise to the higher of €20 million or 4% of global turnover.

Original languageEnglish
Title of host publication2018 International Conference on High Performance Computing and Simulation, HPCS
EditorsKhalid Zine-Dine, Waleed W. Smari
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages664-671
Number of pages8
ISBN (Electronic)9781538678787
DOIs
Publication statusPublished - 29 Oct 2018
Event16th International Conference on High Performance Computing and Simulation, HPCS 2018 - Orleans, France
Duration: 16 Jul 201820 Jul 2018

Conference

Conference16th International Conference on High Performance Computing and Simulation, HPCS 2018
Country/TerritoryFrance
CityOrleans
Period16/07/1820/07/18

Bibliographical note

Publisher Copyright:
© 2018 IEEE.

Keywords

  • Cloud forensic problem
  • GDPR compliance
  • Risk management

Fingerprint

Dive into the research topics of 'Risk management for cloud compliance with the EU general data protection regulation'. Together they form a unique fingerprint.

Cite this