top of page

GDPR General Data Protection

Move to the cloud and reduce your GDPR liabilities as a data processor.

 

What are your GDPR responsibilities?

The responsibilities placed on an organisation relating to the data it holds will be two-fold:

GDPR cloud data controller

1. Data CONTROLLER

As a Data Controller, you will have to comply with rules concerning personal data. Where the organisation enters and maintain personal data, the organisation must comply with rules concerning:

 

  1. Consent

  2. Access

  3. Retention

  4. Transferability

 
 
GDPR cloud data processor

2. Data PROCESSOR

 

As a Data Processor, you will have to safeguard data and ensure data resilience to a high standard. You will have significantly more legal liability than controllers if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR. Where the organisation holds data on its own servers it must follow regulation by ensuring:

 

  1. High-level cybersecurity

  2. Physical hardware security

  3. Strict backup regimes

  4. Firewalls and auditing

 
 
Cloud solutions

How can Cloudsis help you to

comply with GDPR?

cloudsis processor gdpr compliance

2. Data PROCESSOR

Cloudsis can help you to reduce your GDPR liabilities as a data processor.  Should your company move to a Cloud solution, part of the requirements for safeguarding the data, move to the cloud provider.

 

Cloud solutions offer a level of enhanced security often impossible to replicate cost effectively for small to middle-sized organisations. 
All data and information processing is carried out in a secure data centre, ISO 27001 certified, so you can be sure that every action is taken to ensure security is not compromised.
 

1. Data CONTROLLER

Every company is the controller of its data and as such this responsibility will remain even if you move your infrastructure to the cloud. You will have to ensure that you comply with consent, access, transferability and retention GDPR requirements.

 
 
cloudsis controller gdpr compliance

What Cloudsis have done to be

GDPR compliant?

01

High lever Cyber Security

Cloudsis is working with an ISO accreditation provider to get the ISO/IEC 27001 certificate.

Physical hardware security

02
Data centres are UK based, primary data centre in Croydon, secondary data centre in Maidenhead.
They comply with the strictest standards. 

Strict backup regimes

03
Cloudsis uses a full daily back-up on a rotating 30-day cycle.
Cloudsis utilises IBM Storage Area Network (SAN) systems.

Firewalls and auditing

04
All services provided by Cloudsis are provided in line with the ISO 27001 Security Standard. Systems are protected by Netscaler Hardend Devices and Untangle firewalls. 

Security Details

Cloudsis is working with and ISO accreditation provider to get the ISO/IEC 27001 certificate.

This certificate:

 

1. High-level cyber security

cloud gdpr compliance iso 27001
gdpr periodical examination

Periodical examination

Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts. 

Security Controls

Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable.

gdpr cloud security controls
cloud overarching management

Overarching management

Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.

1 cybersecuity

2. Physical hardware security​

Data centres are UK based, primary data centre in Croydon, secondary data centre in Maidenhead.

 
cloud data centre multi level security

Data Centre Multi-level Security

Controls to prevent unauthorised access to the site, buildings and data halls as well as to the rack housings themselves. Systems in place to identify and react to threats, so the infrastructure is protected from theft, damage or interference.

  •  Tier 3 standard

  •  24/7 Security

  •  ISO 27001

Power & Generators

To eliminate risk caused by outage or power failure, the site uses diverse supplier feeds from multiple grid points ensuring there is no single point of failure. The site provides N+1 redundant power systems and power feeds up to 30Kw 3 phase per rack to ensure continuous power.

  • 10Kw rack power 

  • ABC UPS string N+1 resilience

  • 12Mw total power

cloud power generators gdpr
cloud connectivity

Connectivity

The site houses diverse network connectivity via Dark Fibre to multiple London points of presence with 2ms of network latency, to ensure ultra-fast connectivity with low latency to London locations.

  • 2ms of network latency

  • Dark Fibre networks

  • Carrier neutral

Cooling & Performance

We reduce energy consumption and costs by using ultra-efficient systems and advanced cold aisle and pod technology. We use N+2 efficient blended cooling to optimise the data centre environment to a designed PUE of 1.3.
    PUE of 1.3
    Cold aisle containment
    Ultra-efficient
 

cloud gdpr cooling performance
cloud gdpr fire detection suppression

Fire Detection & Suppression

Ensuring our infrastructure and customer equipment operate safely is one of our greatest concerns. The facility is equipped with VESDA fire detection which continuously samples the air for smoke particles. In the event of an alert we have installed a FM200 suppression system.
    VESDA fire detection
    FM200 suppression system

2 security

3. Strict Backup regimes

Cloudsis solutions use a full daily back-up on a rotating 30-day cycle.

 
cloud gdpr continuity strict backup

Business Continuity

Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities, and impacts. 

Cloudsis utilises IBM Storage Area Network (SAN) systems. This means that if one physical machine fails then the second system kicks in without interruption to the service. 


A traditional back-up is also taken and the secondary SAN unit stores these daily back-ups using an enterprise back-up solution which is based on Veeam. These back-ups run over our link between our Data Centres so that customer data is backed up to an offsite location. 

3 backup

Cloud solutions brought to your by Cloudsis are provided in line with the ISO 27001 Security Standard.

 

4. Firewalls and Auditing

cloud gdpr firewall auditing security
cloud gdpr security antivirus antispam

Advanced Security

Systems are protected by Netscaler Hardend Devices and Untangle firewalls,. Penetration tests are run on a monthly basis. Antivirus and Antispam are provided on all systems.

Cloudsis are also in the process to be Cyber Essentials accredited.

4 firewalls

We can also help you to protect your local infrastructure

IoT, Internt of things

With the proliferation of IoT, internet of things devices, the attack surface for hackers has increased massively. Traditional antivirus software was designed on the assumption that there were just a few operating systems. Now, because of IoT, there are thousands. Network security tools are becoming increasingly necessary in a world where everything - from lamp-posts to lawn sensors - is becoming Internet-enabled.

How many unsecured devices are connected to your network?

These include security cameras, elevators and seemingly innocuous gadgets such as tills, printers or power supplies amongst others. Businesses typically underestimate by 30% to 40% how many devices are linked to their network. These unidentified devices could definitely have been access points for hackers who could have then found how to control critical assets on your network. Once they have acces hackers could steal sensitive data, encrypt it, then demand a ransom for its safe return.

gdpr internet of things security

Even if you work in the cloud your local network may be at risk.

Cloud providers have normally thousands of security controls governing its services that are periodically updated to tackle new threats. Data is also protected through encryption and sharding.

Does this mean that your company is safe? The answer is no. Your local network is still at risk, and it is vital to protect it and analyse the behaviour of all the connected devices to detect possible anomalies.

GDPR implications

According to the new General Data Protection Regulation, as a Data Processor, you will have to safeguard data and ensure data resilience to a high standard. You must have a cyber resilience strategy in place to reduce the risk of data breaches. It should include enterprise-grade tools as robust firewalls, anti-malware/virus tools and monitoring against hacking and staff visiting suspicious phishing websites. If you fail to comply with the Regulation you could find yourself being fined up to €20 million or 4% of your company’s global annual turnover, whichever figure is larger, and your reputation could be seriously damaged.

Available in 5 days

Delivery of your new Cloudsis Solution in less than 5 days

One of our core principals was to bring simplicity to the ordering and implementation of the Cloudsis solution. Our system is ready for you to join the thousands of customers already enjoying the freedom of Cloud computing.

Would you like to see our Cloud solution?

Book a demo

with one of our consultants

Message received. We will be in touch shortly

Pegasus Opera 3 Cloud demo
Book Cloudsis demo
bottom of page