Litcius/Paper detail

GDPR compliance: proposed technical and organizational measures for cloud provider

Zafeiroula Georgiopoulou, Eleni-Laskarina Makri, Costas Lambrinoudakis

2020Information and Computer Security27 citationsDOI

Abstract

Purpose The purpose of this paper is to give a brief guidance on what a cloud provider should consider and what further actions to take to comply with General Data Protection Regulation (GDPR). Design/methodology/approach This paper presents in detail the requirements for GDPR compliance of cloud computing environments, presents the GDPR roles (data controller and data processor) in a cloud environment and discusses the applicability of GDPR compliance requirements for each cloud architecture (Infrastructure as a Service, Platform as a Service, Software as a Service), proposes countermeasures for satisfying the aforementioned requirements and demonstrates the applicability of the aforementioned requirements and countermeasures to a PaaS environment offering services for building, testing, deploying and managing applications through cloud managed data centers. The applicability of the method has been demonstrated on in a PaaS environment that offers services for building, testing, deploying and managing applications through cloud managed data centers. Findings The results of the proposed GDPR compliance measures for cloud providers highlight the effort and criticality required from cloud providers to achieve compliance. Originality/value

Topics & Concepts

Cloud computingGeneral Data Protection RegulationComputer securityComputer scienceService providerService (business)Risk analysis (engineering)Data Protection Act 1998BusinessMarketingOperating systemCloud Data Security SolutionsPrivacy-Preserving Technologies in DataPrivacy, Security, and Data Protection