Data Protection Commissioner issues guidelines for cloud computing

5 Jul 2012

Ireland's Data Protection Commissioner Billy Hawkes

Ireland’s Data Protection Commissioner Billy Hawkes has outlined new cloud computing guidelines for data controllers in firms. The fundamental lesson is that the key issue is security of data and the data protection issues are the same as other technologies, even if management of the cloud is outsourced.

The guidelines can be read in full online.

The guidelines include instructions on the level of care data controllers must take to ensure all precautions have been taken to ensure the security of the data.

“The Data Protection Acts (Section 2C (3)) place responsibility for data security squarely on the data controller who is accountable to the individual data subject for the safeguarding of their personal information. A data controller must therefore be satisfied that personal data will be secure if it is outsourced to a cloud provider,” the guidelines read.

The guidelines also elaborate on data location.

“Personal data that is held within the European Economic Area (EU Member States plus Iceland, Liechtenstein and Norway) benefits from a common standard of protection laid down at EU level. When data is transferred outside of the EEA, special measures must be taken to ensure that it continues to benefit from adequate protection,” the guidelines insist.

Join Ireland’s digital leaders who will gather to discuss cloud computing and the big data revolution at the Cloud Capital Forum.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years