Data Protection and the Cloud
Are the risks too great?
Published on 9. February 2015
83 pages
978-1-84928-713-5 (ISBN)
Description
An expert introduction
More than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services. Data Protection and the Cloud highlights the risks an organisation's use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks.
Topics covered include:
Protecting the confidentiality, integrity and accessibility of personal data
Data protection responsibilities
The data controller/data processor relationship
How to choose Cloud providers
Cloud security - including two-factor authentication, data classification and segmentation
The increased vulnerability of data in transit
The problem of BYOD (bring your own device)
Data transfer abroad, US Safe Harbor and EU legislation
Relevant legislation, frameworks and guidance, including:
the EU General Data Protection Regulation
Cloud computing standards
the international information security standard, ISO 27001
the UK Government's Cyber Essentials scheme and security framework
CESG's Cloud security management principles
guidance from the Information Commissioner's Office and the Open Web Application Security Project (OWASP)
Mitigate the security risks
Mitigating security risks requires a range of combined measures to be used to provide end-to-end security. Moving to the Cloud does not solve security problems, it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA's eight principles.
More than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services. Data Protection and the Cloud highlights the risks an organisation's use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks.
Topics covered include:
Protecting the confidentiality, integrity and accessibility of personal data
Data protection responsibilities
The data controller/data processor relationship
How to choose Cloud providers
Cloud security - including two-factor authentication, data classification and segmentation
The increased vulnerability of data in transit
The problem of BYOD (bring your own device)
Data transfer abroad, US Safe Harbor and EU legislation
Relevant legislation, frameworks and guidance, including:
the EU General Data Protection Regulation
Cloud computing standards
the international information security standard, ISO 27001
the UK Government's Cyber Essentials scheme and security framework
CESG's Cloud security management principles
guidance from the Information Commissioner's Office and the Open Web Application Security Project (OWASP)
Mitigate the security risks
Mitigating security risks requires a range of combined measures to be used to provide end-to-end security. Moving to the Cloud does not solve security problems, it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA's eight principles.
More details
Language
English
Place of publication
Ely
United Kingdom
Target group
Professional and scholarly
File size
0,34 MB
ISBN-13
978-1-84928-713-5 (9781849287135)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Other editions
Additional editions
Book
02/2015
IT Governance Publishing
€14.10
Article exhausted; check different version
Person
With a background in IT focused on CRM and other information management applications, Paul Ticher has worked on data protection for over 20 years. He is now a well-known consultant on the topic, mainly to non-profit organisations, and specialises in work with charities and voluntary organisations. Paul is the author of the standard work Data Protection for Voluntary Organisations (now in its third edition) as well as materials for ITGP and other publishers. He also carries out data protection reviews and delivers training and webinars on the topic.
Content
1: Background - The Data Protection Principles
2: The Data Controller/Data Processor Relationship
3: Security (Seventh Data Protection Principle)
4: Mitigating Security Risks in the Cloud
5: Transfers Abroad (Eighth Data Protection Principle)
6: Other Data Protection Principles
7: Other legal and technical implications for cloud contracts
8: Enforcement
9: The proposed new EU Regulation and other measures
10: Checklist
2: The Data Controller/Data Processor Relationship
3: Security (Seventh Data Protection Principle)
4: Mitigating Security Risks in the Cloud
5: Transfers Abroad (Eighth Data Protection Principle)
6: Other Data Protection Principles
7: Other legal and technical implications for cloud contracts
8: Enforcement
9: The proposed new EU Regulation and other measures
10: Checklist
