We have now entered a new era of data protection. The GDPR came into force on 25th May, introducing a new set of more stringent requirements for businesses processing individual’s data – and much more substantial penalties for getting it wrong.
For many organisations this has required a fundamental shift in the way that data is handled, in particular when it comes to storage. If you’re still relying on traditional methods of data storage then you could very easily fall foul of GDPR.
Why it makes sense to move data storage to the cloud
Making data more secure.
Under GDPR there is far less tolerance for businesses that are storing data in ways that are not as secure as they could be – for example, using paper-based files or mobile devices that could be lost or stolen. GDPR requires a privacy-by-design approach, i.e. looking at the systems in place for storing data and designing them to be more secure and efficient, as opposed to adding this on as an afterthought.
The cloud has the potential to upgrade the security of data storage for any business, thanks to features such as regular maintenance and monitoring, as well as more complex access authentication.
Simplifying the auditing and processing of data.
There are a number of requirements within GDPR that will put a lot of pressure on businesses that have not taken steps to centralise and organise data storage. For example, the right to be forgotten gives consumers the right to ask an organisation to delete any data that is held about them within a reasonable timeframe. This will be almost impossible to execute where data storage is disparate, disorganised and decentralised.
Demonstrating commitment to compliance.
The GDPR requires businesses to asses the way that they are dealing with data and to make clear changes to ensure compliance. Data storage in the cloud is an obvious way to demonstrate this.
Implications & challenges of GDPR on cloud computing
There are a number of key challenges for cloud computing in the light of GDPR. Perhaps the most significant is to ensure that cloud data practices (for example, robust password enforcement and the use of encryption keys) are compliant with the GDPR. It will also be important to look beyond immediate functions to where the GDPR could impact more broadly on cloud infrastructures, for example ensuring that all apps used as part of cloud storage are also compliant.
How Microsoft Office 365 ensures compliance
Microsoft Office 365 makes it easy to manage compliance with processes such as ongoing risk assessment. A selection of built-in, audit-ready tools in Microsoft 365 provide simple systems for strengthening data security and protecting customer data across all devices to ensure ongoing GDPR compliance.