recent work

Businesses urged to remember their Data Protection obligations

Both clients and organisations could be running huge risks in not knowing where their physical data is stored when using cloud based applications. The Information Commissioner is becoming ‘increasingly concerned’ with UK business’s attitudes towards this, believing that ‘many businesses do not realise that they’re still held accountable for the data even after handing it over to a cloud provider’.

The ICO has published a set of guidelines for companies migrating data into the cloud in the hope of clarifying the situation.
Here’s a breakdown of their top tips:

  • Businesses should review any personal data they process and prioritise what should and should not be moved into the cloud;
  • Organisations are also strongly recommended to inform end users about any processing arrangements made as well as ensure that their cloud provider has implemented the appropriate technical security for such information;
  • Whilst it is advised to inspect the premises of the cloud supplier, the ICO stated that it is “unlikely that a cloud provider would be willing to permit each of its prospective and current customers to enter its premises to carry out an audit,” resulting in the use of an independent third-party audit;
  • The watchdog stated that the encryption of data in transit and possibly “at rest” is a significant factor, especially when processing sensitive personal data.

Absolute Data is highly experienced in reviewing and auditing the data practices of any type of organisation, including any cloud-based activity. For further information, contact us now at info@absolute-data.co.uk or on 01423 790125.