Monday, 18 April 2016

New EU Data Protection Laws (GDPR) and Cloud Services

Over the past few days, the new EU data protection laws have been passed. For the first time in 20 years, they rewrite the requirements and responsibilities of those who store data. They also give more rights to the users whose data is stored.

The new General Data Protection Regulation (GDPR) will require many businesses to rethink and rework their current strategies. One area that interested me was the effect of the GDPR on cloud service providers.

I have studied many articles and discussions and thought I could take the main points and simplify them here.

First, some terminology:

Data Controller - The business who actually owns the data
Data Processor - The cloud provider

The current situation:

All of the responsibility for data protection currently lies with the Data Controller. The Data Processor basically provides the platform on which the systems run.

With the introduction of the GDPR:

Both the Data Controller and the Data Processor will be responsible for the data.

A breach will need to be reported within 72 hours, and fines will fall into one of two categories depending on specific criteria:

2% of global annual turnover or €10 million
4% of global annual turnover or €20 million

Obviously the new regulations will cover many more aspects in much more detail and clarity, but it doesn't take much to assume that there will be a rise in service costs due to the extra responsibility being placed on both the businesses and cloud providers.

Friday, 15 April 2016

QuickTime For Windows Needs To Be Uninstalled.

After Trend Security Researchers discovered two new flaws in QuickTime, they contacted Apple to report the issue. Apple allegedly responded that they would not fix the issues as they were removing support for QuickTime on Windows.
It is reported that even the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) has recommended that Windows users uninstall this software.

Email Retention Policies

Many companies have little to no email retention policy in place. The idea here is to ensure that if a business-related email is required...