GDPR compliance: proposed technical and organizational measures for cloud provider
Information and Computer Security
ISSN: 2056-4961
Article publication date: 8 June 2020
Issue publication date: 4 November 2020
Abstract
Purpose
The purpose of this paper is to give brief guidance on what a cloud provider should consider and what further actions to take to comply with the General Data Protection Regulation (GDPR).
Design/methodology/approach
This paper presents in detail the requirements for GDPR compliance of cloud computing environments, presents the GDPR roles (data controller and data processor) in a cloud environment and discusses the applicability of GDPR compliance requirements for each cloud architecture (Infrastructure as a Service, Platform as a Service, Software as a Service). It then proposes countermeasures for satisfying these requirements. The applicability of the requirements and countermeasures has been demonstrated in a PaaS environment that offers services for building, testing, deploying and managing applications through cloud managed data centers.
Findings
The results of the proposed GDPR compliance measures for cloud providers highlight the effort and criticality required from cloud providers to achieve compliance.
Originality/value
Keywords
Acknowledgements
This work has been partially supported by the Research Center of the University of Piraeus.
Citation
Georgiopoulou, Z., Makri, E.-L. and Lambrinoudakis, C. (2020), "GDPR compliance: proposed technical and organizational measures for cloud provider", Information and Computer Security, Vol. 28 No. 5, pp. 665-680. https://doi.org/10.1108/ICS-01-2020-0009
Publisher
Emerald Publishing Limited
Copyright © 2020, Emerald Publishing Limited