#DSCloud16: Firms must double-check if their data security is compliant
16 June 2016
Many businesses that believe they are compliant need to reconsider whether their cloud security is up to scratch, according to an expert.
Speaking at Data Security in the Cloud 2016, Birmingham City Council privacy and information lawyer Rocio de la Cruz said: “Most organisations have had the opportunity to audit. They thought they were compliant with the Data Protection Act but they were not.”
If these companies do not know what is going on within their own organisations, she asked, how can they possibly know what is happening to the data they store in the cloud?
The regulations say that firms must audit their providers before they begin to use them to ensure that they are compliant, de la Cruz explained.
“So this is something you need to review before you get into it,” she said. “Not only because the regulation says you have to, but because this is a way to minimise risk.”
By properly assessing suppliers before entering a contract, firms can make it easier to determine who is at fault if something ever does go wrong, and whether they are entitled to compensation. As such, organisations must make sure their contracts detail which party is responsible for different aspects of the move to the cloud.
“It will be mandatory with the regulation, but if you put it in place now it will help to minimise risk,” de la Cruz said.
Under the new General Data Protection Regulation, firms can receive fines of up to €20 million or four per cent of annual global turnover, so the stakes are high for getting this right.