Cloud Computing - Managing Data Protection Compliance, Risks, and Accountability
Practical guidelines on how to identify specific data protection compliance aspects and risks, and how to demonstrate accountability under the EU General Data Protection Regulation (GDPR) in the cloud computing domain.
Paolo Balboni, Extraordinary Professor of Privacy Law, Maastricht University
Daniele Catteddu, Chief Technology Officer, Cloud Security Alliance
Cosimo Monda, Director, European Centre on Privacy and Cybersecurity, Maastricht University
This course specifically analyses the data protection implications of cloud computing and shares practical insights with participants on how to address compliance and demonstrate accountability in such a complex domain.
The following questions are addressed:
- How can cloud computing be defined?
- How do cloud computing services work in practice (service models: IaaS, PaaS, SaaS; deployment models: public cloud, private cloud, hybrid cloud)?
- What are the main data protection issues related to cloud computing?
- What are the main contractual issues related to cloud computing?
- What are the main provisions of the GDPR that need to be considered in the cloud computing domain?
- What are the main documents issued by EU (data protection) authorities/institutions on personal data processing related to cloud computing?
- Are there international standards/codes of conduct related to cloud computing and data protection compliance?
- Introducing the Privacy Level Agreement [V3] Code of Conduct: A Compliance Tool for Providing Cloud Services in the European Union. How does it work, and how can it be leveraged for assessing compliance of cloud services with the GDPR?
- How to deal with data breaches which involve a cloud service provider?
- How to assure data subjects’ rights in the cloud, especially data portability, access, erasure (“right to be forgotten”), restriction of processing?
- How to deal with data transfer in the cloud computing domain?
- Does cloud computing trigger the obligation to conduct a DPIA?
- How to determine the appropriate technical and organisational measures to ensure a level of security appropriate to the risk posed by cloud computing?
- How to monitor/control data processing in the cloud?
- How to deal with Law Enforcement Authorities’ requests for disclosure of personal data in the cloud?
- How to deal with data restitution/deletion in the cloud?
- How to deal with ‘migration’ and ‘transfer back’ without losing control over the data in the cloud environment, and in compliance with the GDPR?
- How to effectively regulate cloud computing services to assure compliance with the GDPR (e.g., data processing agreements, data protection clauses)?
- Big data & analytics, cloud computing and the internet of things are converging to develop cutting-edge solutions. How to deal with compliance in complex/data-intensive environments?
At the end of the course you will have a sound understanding of the concepts above and of how to put them into practice. In addition, there will be plenty of opportunity to network with your peers and hold discussions with the experts.