In 2016, Europe introduced new legislation on the protection of personal data. Companies, organizations and agencies have until May 2018 to organize and secure their data in such a way that it complies with the guidelines that are set. The law is known internationally as the GDPR (General Data Protection Regulation); in the Netherlands it is known as the AVG (General Personal Data Regulation). How does this law relate to data storage in the cloud? Is that a place where you want to store data or not? What is allowed and what is not allowed?
What does the GDPR entail?
The GDPR applies to any body that holds personal data of citizens of the European Union, whether commercially or for other purposes, such as a club. Personal data is data that can be linked to an individual or with which an individual can be identified. Think of a name, a photo, telephone numbers or address details, medical data, etc. The goal is that data is protected and cannot fall into the hands of the wrong people or organizations. Misuse of personal data can range from relatively innocent areas, such as marketing, to criminal activities, such as identity fraud or theft.
The rules of the GDPR
The General Data Protection Regulation can be summarized in a number of rules. Please note that this specifically concerns people within the EU.
The person whose data is processed knows that his data will be stored. He has given permission for this and knows his rights in this matter.
- Purpose Limitation
Personal data is only used for the predetermined and transparent purpose.
- Data restriction
Only the personal data necessary for the purpose is collected and stored.
The personal data must be correct.
- Retention Restriction
Personal data may not be kept longer than necessary for the intended purpose.
- Integrity and Confidentiality
All personal data must be kept secure so that it cannot be accessed by unauthorized persons and cannot be lost or destroyed.
The responsible person within the organization must be able to demonstrate that all the above rules are met.
AVG in the cloud
Microsoft Azure is a well-known cloud solution and one of the largest. It is a public cloud platform for data storage and offers a wide range of services such as Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). To be completely GDPR-proof, The Sourcing Company also offers a hybrid cloud solution derived from Microsoft Azure: Azure Stack. It is the best of both worlds: the proven strengths of Microsoft Azure, but with an extra safety boost to be fully GDPR-compliant.
The server is managed by The Sourcing Company and is located on Dutch territory. This means that the entire data storage in the cloud complies with the strict Dutch and European legislation, such as the GDPR. Because updates are implemented very quickly on Azure Stack, the data stored there is extra protected against viruses and hacks. Many updates also serve to improve that security.
Would you like to know more about GDPR and cloud solutions?
Do you want to make sure that your data is stored according to GDPR guidelines and do you want to know more about secure data storage in the cloud? Download this whitepaper now and learn everything about secure cloud solutions. Or contact us; we are happy to sit down with you.