Cloud computing, it is a hot topic these days. But what is it all about?

Basically, it describes technologies to deliver software as a service. The cloud provider provides processing power, software, data access, and storage in order to deliver services to the consumer of the cloud services.

How does it look from your end of the screen? Compare it to your water supplier; at the end of the day, the average user would probably require that when he turns on the tap, water comes out. The more concerned user would be a bit more interested in the quality and origin of the water coming out.

A better parallel with regard to your data however would be the attended cloakroom. You would arrive at the theatre and hand your coat to the cloakroom attendant in exchange for a numbered ticket. After the show, you would hand the ticket to the attendant in order to have your coat returned.

So as a user (the data subject), you would hand your personal data to a company (the data controller) you trust, and this company would store your data or process it in ‘the cloud’ through his cloud provider (a data processor).

If the attended cloakroom is unattended (after closing hours) or in case of an emergency, you could browse through the coat hangers in the cloak room and find your coat. What if it wasn’t there, what if the cloakroom had ‘outsourced’ storing the coats? You would appreciate a sign saying ‘We outsource our coat storage to external sites in x, y and z’. You could still go to x, y and z and retrieve your coat.

With data however, nobody is guaranteeing that the data is stored completely in one location, it might be distributed over multiple data stores. It is also not guaranteed that the data is stored only once, only that it is stored at least once. And no guarantees that if data is deleted or moved, it is physically removed or erased in the original location.

So what can we learn from this short story:
It is vital that everybody involved knows where the data resides, handles it with care and only for as long as needed and wanted, keeps it safe from abuse, and deletes it when no longer needed.

Data Controller

• Draw up and adhere to rules regarding handling personal data. (data handling procedures)
• Draw up and implement procedures to allow data subjects to execute their legal rights under the Data Protection Law.
• Ensure your subcontractors abide by the same rules you impose on yourself.
• Inform your data subjects of these rules, be transparent. (privacy statement)
• Audit yourself regularly to check adherence to your rules and the Data Protection Law.
• Audit your subcontractors to check the above.
• Be vigilant!

Data Subject

• Read the information provided by the data controller before handing over your personal data.
• Execute your legal rights under the Data Protection Law.
• Stay in control of your personal data, know who is using it and what for.
• Be vigilant!

And finally. if in doubt, do not hand over your personal data and look for another provider.