Cloud Computing Law: Data Protection and Cybersecurity
- Protecting Personal Data in the Cloud
- This week, you'll learn how data protection laws regulate the processing of personal data in cloud services. We will focus, in particular, on the rules applying to cloud service providers and their customers as 'processors' and 'controllers' under the EU's General Data Protection Regulation (GDPR). We will explore the principles that must be followed and consider the legal grounds for processing personal data in the cloud, as well as how individuals might exercise their rights and the potential consequences for cloud providers of failing to comply with their obligations. By the end of this week, you'll be able to identify what is regulated as personal data and analyse what cloud providers and their customers must do to ensure compliance with the GDPR.
- International Data Transfers and Cloud Services
- This week, you'll learn how the GDPR applies to international transfers of data in cloud computing. First, we will examine the broad territorial scope of the GDPR in the context of cloud computing. Then we will explore how GDPR may restrict international transfers of cloud data; the legal mechanisms that may be relied on to justify regulated transfers; and possible exceptions to the transfer restriction. By the end of this week, you'll be able to explain the international reach of GDPR and how its data transfer rules apply to cloud providers and their customers.
- Cybersecurity, Cloud, and Critical Infrastructure
- This week, you'll learn about the regulation of cloud services as critical infrastructure under the Network and Information Security ('NIS') Directive. First, we'll look which cloud services need to comply with this Directive. Then, we'll review the obligations to keep cloud services secure and to report security incidents to a regulator. By the end of this week, you'll be able to describe how a cloud provider can comply with the NIS Directive, as well as the possible penalties for breaking the rules.