Skip to content
11:11 Systems
The Resilient Cloud Platform
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1
        • 11:11 Systems Consulting
          Consulting Services
          Global Regions
          Cloud Regions
          11:11 Systems Security
          Security

      • Column 2
        • Cloud Console
          Cloud Console
          Catalyst
          Planning and Assessment
          Compliance
          Compliance

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      • ESG Program
      •  
      • Careers
      • Technology Partners
      • Customer Stories
      • Innovation Blog
  • Products & Services
    • Products & Services

        • Cloud Overview
        • Managed Public Cloud
        • Private Cloud
        • Object Storage
        • Cloud Labs
        • Flexible Cloud Environment/Colocation
        • AWS Solutions
        • Managed OS Services
        • Managed DB Services

        Infrastructure as a Service

        Take a 30-day free trial of 11:11 Cloud.

        Cloud hosting built for your business.
        START FREE TRIAL
        REQUEST A QUOTE

        • Backup Overview
        • Veeam Backup
        • Microsoft 365 Backup
        • Managed Backup for Cohesity
        • Cyber Vault
        • Data Protection Services
        Backup as a Service

        11:11 Cloud Backup

        Protect your data wherever it lives.
        REQUEST A QUOTE
        REQUEST A DEMO

        • DRaaS Overview
        • DRaaS for Veeam
        • DRaaS for Zerto
        • DRaaS for Azure
        • DRaaS for Cohesity
        • Managed Recovery
        • Cloud Recovery
        • Cyber Recovery Platform
        • Infrastructure Recovery
        • Continuity Consulting Services
        • Disaster Recovery Consulting
        Disaster Recovery

        5TB 30Day Free Trial of DRaaS for Veeam

        Protect your business-critical workloads and reduce recovery time with the Leader in Disaster Recovery.
        START FREE TRIAL
        LEARN MORE

        • Security Overview
        • Continuous Risk Scanning
        • Managed Detection and Response
        • Managed SIEM
        • Managed EDR
        • Managed Firewall
        • Application and Zero Trust Services
        Security Services

        Take the first steps toward cyber resilience.

        Download our white paper and learn how to stay ahead of threats.
        REQUEST A QUOTE
        DOWNLOAD NOW

        • Networking Overview
        • SD-WAN
        • Managed Connectivity for AWS Direct Connect
        • Multi-Cloud Connect
        • Network Consulting Services
        Connectivity Services

        Transform your network.

        Take your infrastructure and performance to the next level.
        REQUEST A QUOTE
        WATCH VIDEO
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
    • Solutions Business Objective Submenu
      • BUSINESS OBJECTIVE
      • Cyber Resilience
      • Modernize
      • Protect
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Podcast
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Login
  • Contact
Header Right Menu
Free Trial
  • Why 11:11
    • Consulting Services
    • Cloud Console
    • Cloud Regions
    • Planning and Assessment
    • Security
    • Compliance
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • ESG Program
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Managed Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Flexible Cloud Environment/Colocation
    • AWS Solutions
    • Managed OS Services
    • Managed DB Services
    • BACKUP
    • Backup Overview
    • Veeam Backup
    • Microsoft 365 Backup
    • Managed Backup for Cohesity
    • Cyber Vault
    • Data Protection Services
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • DRaaS for Azure
    • DRaaS for Cohesity
    • Managed Recovery
    • Cloud Recovery
    • Cyber Recovery Platform
    • Infrastructure Recovery Services
    • Continuity Consulting
    • Disaster Recovery Consulting
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed Detection and Response
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • Application and Zero Trust Services
    • NETWORK
    • Network Overview
    • SD-WAN
    • Managed Connectivity for AWS Direct Connect
    • Multi Cloud Connect
    • Managed IP
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • BUSINESS OBJECTIVE
    • Cyber Resilience
    • Modernize
    • Protect
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Product Documentation
    • API Documentation
  • Contact
  • Login
  • Free Trial
Author: William McHenry
Date: November 2, 2017

Ensuring Data Protections in the Cloud

Secure dataEditor’s Note: As of January 2022, iland is now 11:11 Systems, a managed infrastructure solutions provider at the forefront of cloud, connectivity, and security. As a legacy iland.com blog post, this article likely contains information that is no longer relevant. For the most up-to-date product information and resources, or if you have further questions, please refer to the 11:11 Systems Success Center or contact us directly.

GDPR is on the minds of every business operating in the EU.

What is it? How do we adhere? What do we have to do? 

Those are just the beginning questions. If you’re like most businesses, you also have a cloud footprint to consider. So, what do you have to do with the information stored in the cloud?

We know the questions and concerns you have around this new law, and we’re here to help! We have hosted a webinar to cover how you should interact with your cloud services provider to ensure that you comply with GDPR.

To efficiently manage the interactions with your provider and build your GDPR compliance, we recommend that your interactions are decomposed into three separate steps:

  • Understanding what kind of data you are storing with the provider
  • Establishing the contractual relationship between you and your provider
  • Validating your provider’s adherence with GDPR

Following these steps will enable you to be better prepared by the time the implementation date arrives – May 25th, 2018.

 

Understanding what kind of data you are storing with the provider

Decision-makers that are responsible for acquiring cloud services for their organizations must be aware of and understand what kind of data they are storing with their providers. If that data meets the definition of “personal data” of an EU citizen under GDPR, then that data will fall under the requirements of that regulation. Under Art. 4 of the GDPR, “personal data” is defined as any information relating to an identified natural person or any information that can be utilized, directly or indirectly, to identify a natural person. While it is obvious that this would include names, ID numbers, and locations, you may not be aware that this includes online identifiers and factors that that identify the physical, cultural, or even social identity of a natural person. Knowing whether personal data of this nature resides with, or could potentially reside with, your provider is significant since it affects whether GDPR would apply.

Establishing the contractual relationship between you and your provider

Once you determine that the personal data of an EU citizen would potentially reside with your provider, and thus GDPR would apply, you must then establish the contractual relationship between you and the provider. You will need to designate the controller and processor roles and communicate the types of data and controls in place to protect that data to the Processor. Under Art. 4 of the GDPR, you would be the controller, which is the entity responsible for determining the purpose and means of processing the personal data. The provider would be the Processor, which is the entity that processes that data on your behalf. Once those roles have been designated within the contract, the types of data and the controls that the processor has in place to protect that data will have to be detailed. Because the language of Art. 5 Section 1(f) of the GDPR only indicates that the processing of personal data must be done in a manner that has “appropriate security” and that utilizes “appropriate technical or organizational measures,” you must set your own contractual controls in regards to what the provider must do to protect the personal data. These controls would be in the initial contract if you are working with a new provider, but, if you already have a contract with a provider in place and that contract does not account for GDPR, you will need to seek an addendum to that existing contract to ensure that both you and your provider comply.

Validating your provider’s adherence with GDPR 

Before and after signing any contracts or addendums with a provider, you should be sure to perform due diligence on that provider in order to validate that they are compliant with GDPR. Prior to signing the initial contract with the provider, you should ensure that that provider’s GDPR program applies to all products, services, and sub-vendors of that provider and not just a small subset of that group. Making sure that is the case is important in order to avoid unpleasant surprises several months into the contract. Further, once all of the data and controls have been agreed to and the contract has been signed, you still need to continuously assess the provider by monitoring and auditing their program. Under Art. 28 of the GDPR, the processor must allow you, the controller, to audit its activities in order to ensure that the processor is compliant with both the regulation and the requirements set forth in its contract.

Understanding how to interact with your provider is a significant aspect of GDPR compliance. Performing the three steps discussed above will ensure that you’re interacting with your provider in a manner that is on track with GDPR compliance. View our webinar, Meeting Your GDPR Data Requirements While Residing in the Cloud to learn more!

Categories: Cloud Compliance, SecurityBy William McHenryNovember 2, 2017

Author: William McHenry

William McHenry Jr. worked in legal and compliance at 11:11 Systems.

Post navigation

PreviousPrevious post:Leading the Charge in Cloud SecurityNextNext post:Third Party Firewalls in the 11:11 Cloud

Related Posts

VMware Partner
Major VMware Partnership Announcement and How 11:11 Systems Keeps You Moving Forward
July 16, 2025
Digital Operational Resilience Act (DORA)
Helping the Financial Sector Deliver Secure and Modern Infrastructure through Regulation
July 10, 2025
Private Cloud: Your Best Resource
June 19, 2025
Veeam Licensing
New Tools for IT Firefighters
June 18, 2025
vulnerability management
A Modern Approach to Managing Vulnerabilities
May 30, 2025
Cyber Resilience
Data Protection vs. Cyber Resilience: Mastering Both in the Complex World of Gambling
May 27, 2025
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Network as a Service
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • X
  • Youtube

© 2025 11:11 Systems Inc., All Rights Reserved | Privacy Notice | Website Terms of Use |

Go to Top