Who Is Responsible for Data in the Cloud?

“One security gamble when moving to the cloud is the data owner’s loss of control.”

Government Tech

In our complex and ever-changing digital landscape, the issue of data privacy and security has risen to the top of the agenda. It’s the last remaining hurdle to universal cloud adoption, with a 9% increase this year in those citing data security as their main cloud concern, according to Cloud Industry Forum (CIF) research published back in June.

Most of us are converted to the advantages and benefits of transferring data and processes over to the cloud, but have doubts about handing over control and responsibility to someone else. This one question that still perplexes many cloud users and skeptics is – “who is responsible for data in the cloud?”

It’s a grey area for sure. The cloud is still in its infancy and despite the speed of its growth and the urgency of user adoption, certain key issues like compliance and responsibility, have been left to chance by cloud users.

Recent high-profile data breaches, personal information thefts and large-scale hacks have proven that we can’t afford to leave the responsibility to chance. So who is responsible for protecting your personal information in the cloud? Is it you, or the cloud provider? And what does the law say in the event of a data breach or misuse of your personal data in the cloud?

Well, while you might assume that your cloud provider is responsible for the safety of your data once you entrust it to the cloud, you are, in fact still liable.

Under current legislation, the cloud provider is merely a ‘processor’ of that data, while you remain ‘controller’.

General Data Protection Regulation (GDPR)

New regulation expected in October 2015 will demand must stricter security from controllers in the way they handle cloud-based data. In the new EU General Data Protection Regulation (GDPR) framework, businesses using the cloud will have to appoint an in-house data protection officer, appropriately trained in compliance, how to conduct security audits and deal with data breaches. When the EU directive comes into effect, the Information Commissioner’s Office (ICO) will be able to find companies that breach the Data Protection Act.

The stakes of ensuring the security of cloud-based data will be higher once the new regulation comes into place in October, and trusting your data to the cloud will become less of a gamble. We’d expect the demand for skilled professionals with the right niche data protection skills to soar.

We have an unmatched global network of fully referenced cloud professionals and data protection specialists on our books, so if you’re looking for a cloud security expert with the kind of specialist skills to help you comply with new regulations, we can help you find them – Get in touch today!

Read more about cloud data security and the rise of confidential computing.