Your AI chatbot in 8 hours
Visit Our Blog
902 02 62 13
Search
Zaragoza, Reus, Bilbao
902 02 62 13
Cloud Computing: The cloud and the LOPD
-
0

Cloud Computing: La cloud y la LOPD

apser apser
Cloud Computing for Business and CEOslegal risksIT risks
31/05/2013

Cloud Computing: The cloud and the LOPD

That the cloud computing It is here and that it is here to stay is beyond doubt. That this approach to service has obvious technical and economic advantages What is perhaps causing the greatest concern in some cases is the issue of security and, in particular, compliance with the LOPD with suppliers that are not Spanish companies.

It is a common phase of the pre-sale of cloud services; the client wants and needs to know where their data will be in order to register the corresponding file in the Spanish Data Protection Agency.

In the case of the most “classic” cloud computing, it is simple, we indicate the postal address of our CPD in Spain. However, we are increasingly deploying and managing services on third-party platforms, and these third parties are multinationals that do not physically have their servers in Spain (Google Apps,Amazon Web Services, Microsoft Azure, Microsoft Office 365The physical locations of the CPDs of these providers are not public, in fact they are sometimes kept with genuine “professional zeal”. On one occasion, an Amazon salesperson told me that they themselves do not know where the CPDs are, beyond the fact that they are located in a specific country.

So, how should companies continue to comply with the LOPD if they “go to the cloud”? Although the legal background is broad and certainly complicated, when push comes to shove, trusting a recognised provider is the most appropriate solution. Issues to consider:

  • A contract must be signed between the client and the service provider, clearly specifying that the service provider is going to outsource certain services (e.g. the virtualization platform) to a third party, specifying
  • When a service is contracted from a third party in “online” mode, it is not necessary to physically sign a contract with this third party; the “I accept the conditions” of this type of service can be accepted as acceptance of the contract for the purposes of the LOPD.
  • When hiring a foreign company, it is almost essential that the company is a member of the “Safe Harbor” system. Google, Amazon and Microsoft are. Although this does not guarantee everything, I think it should be a “must” when choosing. At least it means that there is no international data transfer In the face of LOPD, these companies are recognized as having an adequate level of protection (Decision 2000/520/EC)
  • Regardless of the fact that American cloud providers are Safe Harbor compliant, it is interesting that the physical location of the servers is within the EEC, which is the case of Amazon and Microsoft, for example, which have those that provide service to Europe in Ireland.
  • Let's face it, relying 100% on the infrastructure provider is generally not a good approach. Trust a provider that complements this third-party platform with a completely independent backup system and that uses data encryption.

The Spanish data protection agency has just published a guide “For Clients who contract Cloud Computing services” interesting and recommended reading. You can also consult this guide to learn more about cloud computing security:

https://mkt.apser.es/contenido-no-activo

apser
apser

We help companies from different sectors and sizes to innovate and adapt to new scenarios to achieve their objectives in Cloud Infrastructures, Analytics, Transformation through Generative AI & Machine Learning and User or Customer Service.

Related Posts
Leave a comment

Your email address will not be published. Required fields are marked *

Last updated October 2024

apser Cookie Policy

Privacy Policy and Cookies of apser

This Cookie Policy explains how apser (appser data engineering) uses cookies and similar technologies to recognise you when you visit our websites at https://apser.es, ("Websites"). It explains what these technologies are and why we use them, as well as your rights to control our use of them. In some cases we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.

What are cookies?

Cookies are small data files that are stored on your computer or mobile device when you visit a website. Cookies are widely used by website owners to make their websites work, or work more efficiently, as well as to provide reporting information. Cookies set by the website owner (in this case, apser) are called "first party cookies". Cookies set by parties other than the website owner are called "third party cookies". Third party cookies enable third party functionality or features to be provided on or through the website (for example, advertising, interactive content and analytics). The parties that set these third party cookies can recognise your computer both when you visit the website in question and when you visit certain other websites.

Why do we use cookies?

We use first-party and third-party cookies for a number of reasons. Some cookies are necessary for technical reasons for our websites to function, and we refer to these as “essential” or “strictly necessary” cookies. Other cookies also allow us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties use cookies through our websites for advertising, analytics, and other purposes. This is described in more detail below. The specific types of first-party and third-party cookies used through our websites and the purposes they perform are described below (please note that the specific cookies used may vary depending on the specific Online Properties you visit): https://apser.com/privacy-and-cookies/

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your rights over cookies by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services. The Cookie Consent Manager can be found in the notification banner and on our website. If you choose to reject cookies, you may still use our website, although your access to some features and areas of our website may be restricted. You may also set or modify your web browser controls to accept or reject cookies. As the means by which you can reject cookies through your web browser controls vary from browser to browser, you should visit your browser's help menu for more information.

Need more information? Visit our privacy and cookies page
Close
Search

Hit to search or ESC to close

Apser.es
Powered by  GDPR Cookie Compliance
Privacy summary

This website uses cookies so that we can offer you the best possible user experience. The information of the cookies is stored in your browser and performs functions such as recognizing you when you return to our website or helping our team understand which sections of the website you find most interesting and useful.