The EU’s General Data Protection Regulation (GDPR) will be enforced in a matter of months. Many see the regulation as a victory for personal data rights because it gives individuals the right to ask businesses for detailed information about how their personal data is processed. GDPR also governs the ways in which businesses conduct their internal data operations and audits. Overall, the regulation makes organizations more accountable for their practices. For those seeking compliance, data security and visibility into employee cloud usage must be a top priority.
Using cloud applications for storing and processing data is a critical concern under GDPR. The regulation mentions a shared responsibility between organizations using cloud apps and cloud service providers (CSPs) like Salesforce and Dropbox. However, it is ultimately the enterprise that has the responsibility of protecting their customers’ data in the cloud – not the CSP. In other words, businesses are accountable for ensuring that customer data is safe and used only as authorized, even when it is stored in a third-party cloud application.