Author: William McHenry
Date: November 2, 2017

Ensuring Data Protections in the Cloud

Editor’s Note: As of January 2022, iland is now 11:11 Systems, a managed infrastructure solutions provider at the forefront of cloud, connectivity, and security. As a legacy iland.com blog post, this article likely contains information that is no longer relevant. For the most up-to-date product information and resources, or if you have further questions, please refer to the 11:11 Systems Success Center or contact us directly.

GDPR is on the minds of every business operating in the EU.

What is it? How do we adhere? What do we have to do? 

Those are just the first questions. If you’re like most businesses, you also have a cloud footprint to consider. So, what do you have to do with the information stored in the cloud?

We know the questions and concerns you have around this new law, and we’re here to help! We have hosted a webinar to cover how you should interact with your cloud services provider to ensure that you comply with GDPR.

To efficiently manage the interactions with your provider and build your GDPR compliance, we recommend breaking those interactions into three separate steps:

  • Understanding what kind of data you are storing with the provider
  • Establishing the contractual relationship between you and your provider
  • Validating your provider’s adherence with GDPR

Following these steps will enable you to be better prepared by the time the implementation date arrives – May 25th, 2018.

 

Understanding what kind of data you are storing with the provider

Decision-makers who are responsible for acquiring cloud services for their organizations must know and understand what kind of data they are storing with their providers. If that data meets the definition of “personal data” of an EU citizen under GDPR, then that data will fall under the requirements of that regulation. Under Art. 4 of the GDPR, “personal data” is defined as any information relating to an identified natural person or any information that can be utilized, directly or indirectly, to identify a natural person. While it is obvious that this would include names, ID numbers, and locations, you may not be aware that this includes online identifiers and factors that identify the physical, cultural, or even social identity of a natural person. Knowing whether personal data of this nature resides with, or could potentially reside with, your provider is significant since it affects whether GDPR would apply.

Establishing the contractual relationship between you and your provider

Once you determine that the personal data of an EU citizen would potentially reside with your provider, and thus GDPR would apply, you must then establish the contractual relationship between you and the provider. You will need to designate the controller and processor roles and communicate to the processor the types of data and the controls in place to protect that data. Under Art. 4 of the GDPR, you would be the controller, which is the entity responsible for determining the purpose and means of processing the personal data. The provider would be the processor, which is the entity that processes that data on your behalf. Once those roles have been designated within the contract, the types of data and the controls that the processor has in place to protect that data will have to be detailed. Because the language of Art. 5 Section 1(f) of the GDPR only indicates that the processing of personal data must be done in a manner that has “appropriate security” and that utilizes “appropriate technical or organizational measures,” you must set your own contractual controls with regard to what the provider must do to protect the personal data. These controls would be in the initial contract if you are working with a new provider, but, if you already have a contract with a provider in place and that contract does not account for GDPR, you will need to seek an addendum to that existing contract to ensure that both you and your provider comply.

Validating your provider’s adherence with GDPR 

Before and after signing any contracts or addendums with a provider, you should be sure to perform due diligence on that provider in order to validate that they are compliant with GDPR. Prior to signing the initial contract with the provider, you should ensure that the provider’s GDPR program applies to all products, services, and sub-vendors of that provider and not just a small subset of that group. Making sure that is the case is important in order to avoid unpleasant surprises several months into the contract. Further, once all of the data and controls have been agreed to and the contract has been signed, you still need to continuously assess the provider by monitoring and auditing their program. Under Art. 28 of the GDPR, the processor must allow you, the controller, to audit its activities in order to ensure that the processor is compliant with both the regulation and the requirements set forth in its contract.

Understanding how to interact with your provider is a significant aspect of GDPR compliance. Performing the three steps discussed above will ensure that you’re interacting with your provider in a manner that is on track with GDPR compliance. View our webinar, Meeting Your GDPR Data Requirements While Residing in the Cloud, to learn more!

Categories: Cloud Compliance, Security

William McHenry Jr. worked in legal and compliance at 11:11 Systems.
