If your company is based in Europe or you store data on EU residents, there are some privacy regulations you have to follow or risk fines. Using cloud apps can expose you to additional compliance risk if not managed properly.

1. 11 EUROPEAN PRIVACY
REGULATIONS THAT
COULD COST YOU
€1 MILLION IN FINES – AND
HOW TO AVOID THAT

2. Every company uses cloud services

3. The average company uses 738, in fact
Click here to learn more
cloud adoption statistics

4. And if you meet one of these conditions you have
some EU regulations you need to follow:
Office in
Europe
Data passes
through Europe
Hold data on EU
residents

5. Who
cares. What’s the
worst that could happen?

6. Prosecution, fines,
and imprisonment

8. Or more likely, your cloud
project could be put on hold

9. There are 11 key privacy regulations

10. Norway
Personal Data Act of 2000
United Kingdom
Data Protection Act of 1998
Netherlands
Personal Data Protection Act
France
Data Protection Act Italy
Personal Data Protection Code
Switzerland
Federal Data Protection Act
Germany
Federal Data Protection Act
Denmark
Act on Processing of Personal Data
Sweden
Personal Data Act of 1998
European Union
Data Protection Directive
General Data Protection Regulation

11. They all concern personally
identifiable information
Personal information [pur-suh-nl in-fer-mey shuh n]
Any information that could be (even if it is not currently)
linked to a living person including: name, date of birth,
phone number, address, credit card number, political
persuasion, ethnicity, union membership, and
computer IP address.

12. Most of the legal responsibilities fall on data controllers. In
other words, companies like you that use cloud services
Data Controller (user of the cloud service)
Data Processor (cloud service)

13. First off, many regulations require you to notify
individuals and receive their consent before
storing or using data about them

14. You generally cannot transfer personal data to
countries outside the EU that do not have
equivalently strong data protection laws
Andorra Argentina Canada
Faroe Islands Guernsey Isle of Man
Israel Jersey New Zealand
Switzerland Uruguay
Right now that’s every country except:

15. But in some cases it’s okay to transfer data to the US
if the cloud provider is Safe Harbor certified

16. Every other country in the world is off limits for
transferring data
That can be problematic since you may not have
control over where a provider stores your data

17. Another requirement: you need to provide individuals
access to the data you store about them

18. And detect security
breaches and report
them to the authorities

19. Don’t expect the cloud provider to be
responsible for reporting breaches, many of
their default terms and conditions make the
customer responsible for detecting breaches

20. Sounds like I’m stuck between a rock and a
hard place. Isn’t there a loophole?

21. Well, if you encrypt the data using your own
encryption keys you are exempt from some
breach notification rules

22. But European privacy laws still require you to
take steps to protect personal data, including:
Strong
passwords
Secure
workstations
Information
security training

23. For more information on what each law
requires, download the cheat sheet
Download Now
European Regulations
That Impact Cloud Usage
http://bit.ly/EUregulations