GDPR Compliance Assessment for Cloud
Cloud service providers face intense scrutiny with GDPR around the corner, as their customers will be potentially liable for any breach of the regulation and/or data leaks.
With this shift of liability, organisations must take measures to ensure that cloud service providers (and other third parties involved in data storage and processing) meet the readiness requirements set by GDPR. You have to be fully aware of not only the cloud services being used within your organisation, but also understand the services that your employees are using too.
Personal data is often found in emails and documents that are stored in cloud services – which are often not monitored by IT departments. To ensure compliance under the new rules, organisations must implement measures to give them visibility of these cloud services and bring them under their control.
With our compliance assessment for cloud, we use utilise industry-leading technology and intelligence to ensure discovery of all cloud applications in use at the client site and assess the associated privacy risks.
The assessment helps you:
- Discover cloud apps that do not meet enterprise readiness requirements
- Acquire an understanding of the geographical location of any personal data that is being processed by cloud apps
- Determine which cloud apps are used for business-critical purposes
- Identify cloud apps with no data processing agreements
- Identify cloud apps with data export and deletion terms that do not meet requirements
- Identify cloud apps where terms do not ensure that customer ownership is maintained
- Understand the privacy features that your cloud apps employ and identify any data sharing with third parties
The resulting report provides advice on appropriate actions in terms of monitoring and protection, as well as highlighting areas where user education is needed.