Thema4561

GDPR in the Cloud: Taking Stock of Cloud Providers’ Challenges and Mitigating Strategies

Informationen zur Arbeit

Abschlussarbeitstyp: Bachelor, Master
Betreuer: Malte Greulich
Forschungsgruppe: Critical Information Infrastructures

Archivierungsnummer: 4561
Abschlussarbeitsstatus: Offen
Beginn: 23. Februar 2020
Abgabe: unbekannt

Weitere Informationen

Motivation
More than one year after the enactment of the European General Data Protection Regulation (GDPR) in mid of 2018, many firms in the European economic area are still uncertain about how to interpret and fulfill its data protection requirements. The consequences of GDPR non-compliance can be severe. Just recently, a German data protection authority ordered a 14.5 million EUR fine because personal customer data was not deleted but stored forever, which is against the data protection principles of the GDPR.

This uncertainty is especially true for cloud providers who store and process vast amount of customer data. The news is full of articles on data leaks at cloud providers making data protection and GDPR compliance a major concern.

Objectives
Identify cloud provider’s challenges with GDPR compliance
Identify and analyze cloud provider’s mitigation strategies to address these challenges

Methods
Conduct expert interviews with cloud providers (semi-structured interviews)

Introductory Literature

Amazon Web Services (2019). Navigating GDPR Compliance on AWS. https://d1.awsstatic.com/whitepapers/compliance/GDPR_Compliance_on_AWS.pdf
Tankard (2016). What the GDPR means for businesses. https://doi.org/10.1016/S1353-4858(16)30056-3
Tolsma (2018). GDPR and the impact on cloud computing. The effect on agreements between enterprises and cloud service providers. https://www2.deloitte.com/nl/nl/pages/risk/articles/cyber-security-privacy-gdpr-update-the-impact-on-cloud-computing.html