The democratisation of the cloud is not surprising as it provides access to virtual data storage where companies no longer need to buy or maintain their own IT infrastructure.
However, with cloud solutions, the security of user data should not be overlooked. There are cloud certifications and regulations that can help you in your choice.
What are the compliance requirements?
Companies using or wishing to use a cloud solution should inform themselves about the security and privacy policies and practices of the provider. Personal, financial or other sensitive information may be subject to strict regulations.
However, data protection regulations differ from one jurisdiction to another. The aim of these regulations is to ensure that customer data is protected and used in a transparent manner.
Regulations: Cloud RGPD, CCPA, PIPL…
In Europe, the General Data Protection Regulation (GDPR) applies. This regulation contains a series of rules on the rights of individuals to know what sensitive data companies collect about them and how companies store and process that data.
Recently, Canada passed the Personal Information Protection and Electronic Documents Act (PIPEDA).
In Quebec, Bill 64 will come into force in September 2022. Once in place, businesses will have up to one year to comply with the Modernization of Personal Information Protection Legislation Act. Although there is legislation at the federal level (PIPEDA), since the provincial legislation is similar to the federal legislation, Quebec will be exempt.
The United States has not yet adopted PIPEDA-type regulations. However, several states have adopted privacy laws. California, for example, has the California Consumer Privacy Act (CCPA). It grants consumers rights related to the collection, use and sale of their personal data. The CCPA will become the California Privacy Rights Act (CPRA) and requires a series of new obligations with which organisations must comply.
China has adopted the Personal Information Protection Law (PIPL), which is considered one of the strictest in the world because of its fines and the way it takes into account the extraterritorial effect.