We asked data protection regulators to share with us their views on the practical steps people should take regarding how to assess and deploy cloud services in a compliant way. We also discussed the value of standards and certifications as tools likely to inspire confidence with suppliers and users of cloud services.
Gwendal Le Grand
Director of Technology and Innovation, Commission Nationale Informatique et Libertés (French DPA)
Head of IT Policy sector, European Data Protection Supervisor
DPAs make it a point to spread practical information meant to help their constituencies. The very speed of ICT changes is a challenge for regulators. Is it still relevant at a time when hybrid solutions enjoy the fastest growth? Will a reference to cloud still make sense in a few years?
Providers and users of cloud services should realize that signing up to codes or having secured the right certificates is no relief from liability. Indeed, shifting to the cloud does not suspend regular rules more than driving an electric car would dispense with abiding by the rules of the road. You need only consider the latest data breaches which struck companies that had all the right registrations. More broadly, legal requirements apply across the board and are not negotiable.