PROTECTION OF PERSONAL DATA IN CLOUD ENVIRONMENT - AUDITABLE STANDARD FOR CLOUD SERVICE PROVIDERS

Author(s): Haris Hamidović, Mahir Zajmović, Amra Hamidović
Subject(s): Law, Constitution, Jurisprudence, ICT Information and Communications Technologies
Published by: Internacionalna poslovno – informaciona akademija
Keywords: Cloud Computing; Data protection; Audit; Compliance; Legal requirements; ISO/IEC 27018; ISO/IEC 29100

Summary/Abstract: Any business entity outsourcing control of its data to a third party, whether a cloud service provider or otherwise, is always well advised to undertake some level of due diligence prior to signing the contract, to ensure that information security standards are as high as it is reasonable to expect given the commercial worth or personal sensitivity of the data. When personal data is involved, due diligence in relation to information security is not just commercial common sense but also a regulatory requirement. Data protection legislation in Bosnia and Herzegovina, as well as in many other countries, requires that a personal data controller must, where processing is carried out on its behalf, choose a processor providing sufficient guarantees in respect of the technical and organizational security measures governing the processing to be carried out, and must ensure compliance with those measures. The evaluation of potential cloud service providers ought to include a thorough review of their information security and privacy control environment. Audited compliance with a standard might be the appropriate method to ensure that data controllers comply with their data protection obligations, and it can be used by cloud service providers to reassure customers. This paper presents an internationally accepted code of practice for protection of personal data in public clouds acting as personal data processors.

  • Issue Year: 2/2019
  • Issue No: 2
  • Page Range: 200-209
  • Page Count: 10
  • Language: English