GDPR compliance: proposed technical and organizational measures for cloud provider

摘要

Purpose - The purpose of this paper is to give a brief guidance on what a cloud provider should consider and what further actions to take to comply with General Data Protection Regulation (GDPR). Design/methodology/approach - This paper presents in detail the requirements for GDPR compliance of cloud computing environments, presents the GDPR roles (data controller and data processor) in a cloud environment and discusses the applicability of GDPR compliance requirements for each cloud architecture (Infrastructure as a Service, Platform as a Service, Software as a Service), proposes counter-measures for satisfying the aforementioned requirements and demonstrates the applicability of the aforementioned requirements and counter-measures to a PaaS environment offering services for building, testing, deploying and managing applications through cloud managed data centers. The applicability of the method has been demonstrated on in a PaaS environment that offers services for building, testing, deploying and managing applications through cloud managed data centers. Findings - The results of the proposed GDPR compliance measures for cloud providers highlight the effort and criticality required from cloud providers to achieve compliance.