Skip to content
iland Cloud Official Site
iland Cloud Official Siteiland Cloud Official Site
  • Why iland
    • Submenu
      • Column 1
        • iland secure cloud console
          Secure Cloud Console
          iland compliance
          Compliance
          iland proven technology
          Cloud Platform
          iland pricing
          Pricing

      • Column 2
        • iland Security
          Security
          iland global regions
          Cloud Regions
          iland networking
          Cloud Connectivity
          iland interactive tour
          Interactive Tour

      • WHY CHOOSE iland
      • OverviewYour business is unique, your cloud should be too.
      • About ilandThe making of a market leader.
      • LeadershipMeet our experienced & knowledgeable executive team.
      • News & MediaFind out what’s new and happening at iland.
      •  
      • CareersYour future starts here. Join the #ilandlife today.
      • Technology PartnersGreat partnerships are built on great technologies.
      • Customer StoriesDiscover why customers are choosing iland Cloud.
      • BlogTips, tricks, opinions, and news from iland experts.
  • Products & Services
    • Products & Services
      • PRODUCTION HOSTING
      • Secure Cloud Overview
      • Secure Public CloudRun VMware natively. No refactoring required.
      • Secure Private CloudDedicated cloud for performance and security.
      • Object StorageS3-compatible storage for long-term retention.
      • BACKUP
      • Secure Backup Overview
      • Secure BackupSecure cloud backup for no-compromise data protection
      • Microsoft 365Complete data protection for Microsoft 365
      • DISASTER RECOVERY
      • DRaaS Overview
      • DRaaS with VeeamSimplified Disaster Recovery for your unique business
      • DRaaS with ZertoContinuous availability for 24×7 IT resilience
      • AutopilotFully-managed disaster recovery as a service.
      • DRaaS for Physical ServersReplicate physical servers to iland.
      • MANAGED SECURITY
      • Managed Security Overview
      • Continuous Risk ScanningDiscover and monitor vulnerabilities
      • Managed SIEMManaged security information and event management
      • Managed EDRManaged endpoint detection and response
      • Managed FirewallSimplify and improve network edge security
      • SUPPORTING SERVICES
      • Cloud Labs
      • Cloud Connectivity
      • Colocation/Bare-Metal
      • Managed Services
      • Migration Services
      • 24x7x365 Support
      • Strategy, Assessment & Planning
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
      • Column 2
        • iland Health Solutions

          Keep IT healthy.

          See our healthcare expertise.

          What's next in finance?

          Transform & modernize your IT.
          Learn More
          Learn More
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Login to Portal
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • Whitepapers
      • Podcast
      • Datasheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Success Center
      • API Documentation
Search:
  • Console Login
  • Contact Us
Header Right Menu
Free Trial
  • Why iland
    • Secure Cloud Console
    • Compliance
    • Cloud Platform
    • Pricing Model
    • Security
    • Cloud Regions
    • Cloud Connectivity
    • Interactive Tour
    • WHY CHOOSE iland
    • OverviewYour business is unique, your cloud should be too.
    • About ilandThe making of a market leader.
    • LeadershipMeet our experienced & knowledgeable executive team.
    • News & MediaFind out what’s new and happening at iland.
    •  
    • CareersYour future starts here. Join the #ilandlife today.
    • Technology PartnersGreat partnerships are built on great technologies.
    • Customer StoriesDiscover why customers are choosing iland Cloud.
    • BlogTips, tricks, opinions, and news from iland experts.
  • Products & Services
    • PRODUCTION HOSTING
    • Secure Cloud Overview
    • Secure Public CloudRun VMware natively. No refactoring required.
    • Secure Private CloudDedicated cloud for performance and security.
    • Object StorageS3-compatible storage for long-term retention.
    • BACKUP
    • Secure Backup Overview
    • Secure BackupSecure cloud backup for no-compromise data protection
    • Microsoft 365Complete data protection for Microsoft 365
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS with VeeamSimplified Disaster Recovery for your unique business
    • DRaaS with ZertoContinuous availability for 24×7 IT resilience
    • AutopilotFully-managed disaster recovery as a service.
    • DRaaS for Physical ServersReplicate physical servers to iland.
    • MANAGED SECURITY
    • Managed Security Overview
    • Continuous Risk ScanningDiscover and monitor vulnerabilities
    • Managed SIEMManaged security information and event management
    • Managed EDRManaged endpoint detection and response
    • Managed FirewallSimplify and improve network edge security
    • SUPPORTING SERVICES
    • Cloud Labs
    • Cloud Connectivity
    • Colocation/Bare-Metal
    • Managed Services
    • Migration Services
    • 24x7x365 Support
    • Strategy, Assessment & Planning
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • Column 2
  • Partners
    • Overview
    • Become a Partner
    • Login to Portal
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Success Center
    • API Documentation
  • Contact Us
  • Console Login
  • Free Trial
Author: William McHenry
Date: November 2, 2017

Ensuring Data Protections in the Cloud

Secure dataGDPR is on the minds of every business operating in the EU.

What is it? How do we adhere? What do we have to do? 

Those are just the beginning questions. If you’re like most businesses you also have a cloud footprint to consider. So, what do you have to do with the information stored in the cloud?

We know the questions and concerns you have around this new law and we’re here to help! We’re hosting a webinar November 16th to cover how you should interact with your cloud services provider to ensure that you’re in compliance with GDPR.

To efficiently manage the interactions with your provider and build your GDPR compliance, we recommend that your interactions are decomposed into three separate steps:

  • Understanding what kind of data you are storing with the provider
  • Establishing the contractual relationship between you and your provider
  • Validating your provider’s adherence with GDPR

Following these steps will enable you to be better prepared by the time that the implementation date arrives – which is May 25th, 2018.

 

Understanding what kind of data you are storing with the provider

Decision makers that are responsible for acquiring cloud services for their organizations must be aware of, and understand, what kind of data that they are storing with their providers. If that data meets the definition of “personal data” of an EU citizen under GDPR, then that data will fall under the requirements of that regulation. Under Art. 4 of the GDPR, “personal data” is defined as any information relating to an identified natural person or any information that can be utilized, directly or indirectly, to identify a natural person. While it is obvious that this would include names, ID numbers, and locations, you may not be aware that this includes online identifiers and factors that that identify the physical, cultural, or even social identity of a natural person. Knowing whether personal data of this nature resides with, or could potentially reside with, your provider is significant since it affects whether GDPR would apply.

Establishing the contractual relationship between you and your provider

Once you determine that personal data of an EU citizen would potentially reside with your provider, and thus GDPR would apply, you must then establish the contractual relationship between you and the provider. You will need to designate the Controller and Processor roles and communicate the types of data and controls in place to protect that data to the Processor. Under Art. 4 of the GDPR, you would be the Controller, which is the entity responsibility for determining the purpose and means of processing the personal data. The provider would be the Processor, which is the entity which processes that data on behalf of you. Once those roles have been designated within the contract, the types of data and the controls that the Processor has in place to protect that data will have to be detailed. Because the language of Art. 5 Section 1(f) of the GDPR only indicates that the processing of personal data must be done in a manner that has “appropriate security” and that utilizes “appropriate technical or organisational measures,” you must set your own contractual controls in regards to what the provider must do in order to protect the personal data. These controls would be in the initial contract if you are working with a new provider, but, if you already have a contract with a provider in place and that contract does not account for GDPR, you will need to seek an addendum to that existing contract in order to ensure that both you and your provider comply.

Validating your provider’s adherence with GDPR 

Before and after signing any contracts or addendums with a provider, you should be sure to perform due diligence on that provider in order to validate that they are complying with GDPR. Prior to signing the initial contract with the provider, you should ensure that that provider’s GDPR program applies to all products, services, and sub-vendors of that provider and not just a small subset of that group. Making sure that that is the case is important in order to avoid unpleasant surprises several months into the contract. Further, even once the all of the data and controls have been agreed to and the contract has been signed, you still need to continuously assess the provider by monitoring and auditing their program. Under Art. 28 of the GDPR, the processor must allow you, the controller, to audit its activities in order to ensure that the processor is being compliant with the both the regulation and the requirements set forth in its contract.

Understanding how to interact with your provider is a significant aspect of GDPR compliance. Performing the three steps discussed above will ensure that you’re interacting with your provider in a manner that is on track with GDPR compliance. Join our webinar, Meeting Your GDPR Data Requirements While Residing in the Cloud to learn more!

Categories: Cloud Compliance, SecurityBy William McHenryNovember 2, 2017

Author: William McHenry

William is the Compliance Counsel based in iland’s Houston headquarters. He specializes in Data Protection Laws, such as GDPR and HIPAA, and Commercial Transactions. In order to achieve his objectives, he frequently coordinates with customers, vendors and various iland teams. He is licensed to practice law in Texas and holds both a Juris Doctor degree and an International and Comparative Law Certificate from Tulane University. Prior to joining iland, he worked for four years at a law firm in New Orleans that specialized in Litigation Management Solutions.

Post navigation

PreviousPrevious post:Leading the Charge in Cloud SecurityNextNext post:3rd Party Firewalls in the iland Secure Cloud

Related Posts

11:11 Systems Completes Acquisition of Static1
July 11, 2022
iland Wins Zero Trust Security Excellence Award
July 5, 2022
Experts: Prepare for Busy 2022 Hurricane Season
July 1, 2022
What Our Customers Have to Say About 2022’s Most Pressing Cloud Challenges
June 10, 2022
Ready or Not, Cybercrime is on the Rise. Wouldn’t You Rather Be Ready?
May 16, 2022
Bolster Protection with Managed Security Services
April 28, 2022
iland, an 11:11 Systems Company
PRODUCTS & SERVICES
  • Secure Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Cloud Connectivity
  • 24x7x365 Support
  • Compliance
  • Free Trials
COMPANY
  • Why iland
  • Cloud Platform
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD LOCATIONS
  • Dallas, TX
  • Los Angeles, CA
  • Northern Virginia
  • Toronto, Canada
  • London, UK
  • Manchester, UK
  • Amsterdam, NL
  • Singapore
  • Melbourne, AU
  • Sydney, AU
CONNECT
  • LinkedIn
  • Twitter
  • Facebook
  • Youtube

© 2022 iland™ All Rights Reserved | Privacy Notice

Go to Top