Abstract
The security of personal data processed in cloud storage requires a comprehensive approach, encompassing an analysis of data processing purposes, the data minimisation principle, and the appropriate selection of tools and data protection principles under the GDPR. Proper structuring of agreements with cloud storage providers, as well as the ISO 27017 and ISO 27018 standards, which establish standards for data management and privacy protection, are of vital importance in data processing.
The Data Protection Impact Assessment (DPIA), the application of the principles of legality, fairness, transparency, purpose limitation and data adequacy, as well as the implementation of backup mechanisms and the training of company personnel, constitute the lynchpin of ensuring data security. The consideration and proper application of legal regulations enable the mitigation of the risk of data breaches and contribute to enhancing users’ trust in cloud services.