GDPR came into effect in May 2018 and is now the gold standard for privacy regulations worldwide. Businesses collecting data from, or on, EU users (data subjects) are required to comply with rules that include:
- creating processes with user data protection at their foundation;
- ensuring consumers’ rights to be informed about the collection and use of their personal data;
- giving individuals the ability to access and to rectify, erase, port or restrict the processing of their personal data;
- notifying the proper authorities about personal data breaches within 72 hours of their occurrence.
A business (data controller) is required to know precisely what PII (personally identifiable information) it has, where it’s stored, how long it needs to be stored, and whether it has been breached. The regulation also covers data processors – like AWS, Google Cloud and Azure – for cloud storage compliance and several other aspects.
This paper will examine four areas of the GDPR that every organization with data in the public cloud needs to address.