Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

11 European Privacy Regulations That Could Cost You €1 Million in Fines


Published on

If your company is based in Europe or you store data on EU residents, there are some privacy regulations you have to follow or risk fines. Using cloud apps can expose you to additional compliance risk if not managed properly.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

11 European Privacy Regulations That Could Cost You €1 Million in Fines

  2. 2. Every company uses cloud services
  3. 3. The average company uses 738, in fact Click here to learn more cloud adoption statistics
  4. 4. And if you meet one of these conditions you have some EU regulations you need to follow: Office in Europe Data passes through Europe Hold data on EU residents
  5. 5. Who  cares. What’s the worst that could happen?
  6. 6. Prosecution, fines, and imprisonment
  7. 7. Or more likely, your cloud project could be put on hold
  8. 8. There are 11 key privacy regulations
  9. 9. Norway Personal Data Act of 2000 United Kingdom Data Protection Act of 1998 Netherlands Personal Data Protection Act France Data Protection Act Italy Personal Data Protection Code Switzerland Federal Data Protection Act Germany Federal Data Protection Act Denmark Act on Processing of Personal Data Sweden Personal Data Act of 1998 European Union Data Protection Directive General Data Protection Regulation
  10. 10. They all concern personally identifiable information Personal information [pur-suh-nl in-fer-mey shuh n]   Any information that could be (even if it is not currently) linked to a living person including: name, date of birth, phone number, address, credit card number, political persuasion, ethnicity, union membership, and computer IP address.  
  11. 11. Most of the legal responsibilities fall on data controllers. In other words, companies like you that use cloud services Data Controller (user of the cloud service) Data Processor (cloud service)
  12. 12. First off, many regulations require you to notify individuals and receive their consent before storing or using data about them
  13. 13. You generally cannot transfer personal data to countries outside the EU that do not have equivalently strong data protection laws Andorra Argentina Canada Faroe Islands Guernsey Isle of Man Israel Jersey New Zealand Switzerland Uruguay Right now that’s every country except:
  14. 14. But in some cases it’s okay to transfer data to the US if the cloud provider is Safe Harbor certified
  15. 15. Every other country in the world is off limits for transferring data That can be problematic since you may not have control over where a provider stores your data
  16. 16. Another requirement: you need to provide individuals access to the data you store about them
  17. 17. And detect security breaches and report them to the authorities
  18. 18. Don’t expect the cloud provider to be responsible for reporting breaches, many of their default terms and conditions make the customer responsible for detecting breaches
  19. 19. Sounds like I’m stuck between a rock and a hard place. Isn’t there a loophole?
  20. 20. Well, if you encrypt the data using your own encryption keys you are exempt from some breach notification rules
  21. 21. But European privacy laws still require you to take steps to protect personal data, including: Strong passwords Secure workstations Information security training
  22. 22. For more information on what each law requires, download the cheat sheet   Download Now European Regulations That Impact Cloud Usage