Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

This is a landmark piece of regulation regarding data protection and data privacy, with major implications for cloud storage

New AIIM whitepaper highlights the potential to deliver EU-wide services under a single operations model, but also the risk if organisations do not comply

Silver Spring, Md., July 31, 2014 – The forthcoming European General Data Protection Regulation (GDPR) offers a single law for organisations to follow, but increases fines up to 100 million Euros if found guilty of a ‘negligent breach’ of privacy or loss of data.

However, the new legislation is a major opportunity for cloud-providers according to AIIM, with major changes brought in as to how customer data regarding EU citizens is stored and how organisations must respond if a data breach occurs.

AIIM is the leading global organisation for the information management profession and its new whitepaper, “Making sense of European Data Protection Regulations as they relate to the storage and management of content in the Cloud”, explains the implications for both organisations and cloud providers, and also summarises current legislation in 11 of the 28 EU countries.

The law is the first significant change to European data privacy legislation since 1995, providing a single law for data protection to cover the whole of the EU, replacing the previous directive that has been implemented differently in each member state. The new legislation is likely to be passed before the end of 2014, and organisations will be given 2 years to reach compliance (early 2017). In the meantime, national laws for data privacy (as outlined in the appendices to the AIIM report) need to be complied with as a minimum.

“This is a landmark piece of regulation regarding data protection and data privacy, with major implications for cloud storage,” said AIIM spokesperson and the paper’s author, Mike Davis. “It applies to personal data on EU citizens wherever that data is stored across the world. Failure to comply will have serious legal and financial repercussion for an organisation. But it will also enable those organisations to make risk-based decisions about cloud versus on-premise content storage, allowing them to evaluate providers of cloud services to ensure that they will stay compliant with applicable law.”

The GDPR also extends the definition of personal data to include email address(es), the IP address of computer(s) used, and any posts on social media sites. It covers all organisations collecting and processing data of EU citizens and calls upon those organisations to:

• Collect explicit consent to collect data from data subjects (the data subjects must ‘opt-in’) and facilitate the subject’s wish to withdraw that consent.
• Be able to delete all customer data at the request of the data subject, a provision known as “Right to Erasure”, unless there is a legitimate reason for its retention.
• Provide data subjects with a clear privacy policy.

The data controller and data processor (the cloud provider) will have joint liability for any
breach of the regulation, and if it is ruled that a ‘negligent breach’ of privacy or loss of data has occurred, the offending organisation can be fined up to five per cent of annual revenues to a maximum of 100 million Euros.

“The new regulation poses serious challenges to organisations using cloud providers for storage of personal data, which means those organisations will be focusing their attention much more on providers that are compliant with the new legislation,” continued Davis. “This could be an important differentiator and major opportunity for cloud providers, both in Europe and the US, to align their cloud security with the new regulation.”

The AIIM white paper, Making sense of European Data Protection Regulations as they relate to the storage and management of content in the Cloud is available here. The report was underwritten by Hyland - Creator of OnBase, OpenText and Workshare.

About AIIM
AIIM has been an advocate and supporter of information professionals for 70 years. The association’s mission is to ensure that information professionals understand the current and future challenges of managing information assets in an era of social, mobile, cloud and big data. Founded in 1943, AIIM builds on a strong heritage of research and member service. Today, AIIM is a global, non-profit organisation that provides independent research, education and certification programs to information professionals. AIIM represents the entire information management community, with programs and content for practitioners, technology suppliers, integrators and consultants.

# # #
Paul Allen
Sarum PR
+44 (0) 1 722 322916

This press release was distributed by ResponseSource Press Release Wire on behalf of Sarum PR in the following categories: Business & Finance, Media & Marketing, Public Sector, Third Sector & Legal, Computing & Telecoms, for more information visit