Research Article
Cloud Security and Privacy in the Light of the 2012 EU Data Protection Regulation
@INPROCEEDINGS{10.1007/978-3-319-03874-2_12, author={Andreas Kronabeter and Stefan Fenz}, title={Cloud Security and Privacy in the Light of the 2012 EU Data Protection Regulation}, proceedings={Cloud Computing. Third International Conference, CloudComp 2012, Vienna, Austria, September 24-26, 2012, Revised Selected Papers}, proceedings_a={CLOUDCOMP}, year={2014}, month={6}, keywords={cloud computing European Union data protection regulation security data protection privacy evaluation framework}, doi={10.1007/978-3-319-03874-2_12} }- Andreas Kronabeter
Stefan Fenz
Year: 2014
Cloud Security and Privacy in the Light of the 2012 EU Data Protection Regulation
CLOUDCOMP
Springer
DOI: 10.1007/978-3-319-03874-2_12
Abstract
The essential characteristics of cloud computing such as elasticity or broad network access provide many economic benefits for their users, but with these benefits also many security and privacy risks come along. These risks can be generally classified into legal and technical risks. The upcoming general data protection regulation by the European Commission (COM (2012) 11) strengthens the consumer’s rights with changes like a single set of European rules and more data protection obligations for organizations. Once the general data protection regulation becomes effective, organizations will have to fulfill more requirements to comply with the law, especially in situations of security breaches or issues about the life cycle and the processing of data. In this paper we describe a framework for the evaluation of cloud service providers in regard to the upcoming EU data protection regulation. The framework shall help service providers to comply with the new regulation, and shall enable consumers to evaluate the security and privacy competencies of cloud service providers.