Store Company Data in the Cloud: Working in the cloud is now standard in modern companies. More and more self-employed and employees use multiple offers from the cloud. Such as storage space, image processing programs, and office applications as a matter of course. You share PDF documents with cloud services, reduce the size of images, shorten music files, and check suspicious files with virus scanners from the Internet cloud.
The cloud also plays a vital role in private life, not least for everyone who likes to play games on the computer or chats. It is all the more astonishing that there are still concerns about the Internet cloud despite the high cloud usage.
The Majority of Company Owners See Security Risks in the Cloud
In a current study by KPMG AG in collaboration with Bitkom Research GmbH, 70% of those questioned in companies stated that they were afraid that unauthorized persons could access sensitive company data in the data cloud. The possible loss of essential documents in the cloud and the insecure legal situation also made more than 50% of entrepreneurs feel uncomfortable.
These security concerns are extremely understandable – after all, any company’s success depends on knowledge and expertise that must not fall into the wrong hands. In times of hacker attacks, virus attacks, and data theft, IT security cannot be taken seriously enough.
Cloud: Much More Instead of Less Security
This puts the question of whether the cloud services, in particular, do not provide a higher level of security than a single company could ever provide. Aren’t the cloud providers and their data centers in particular, with their numerous IT security experts, much better protected against internet criminal activities than most of its systems?
Reputable cloud providers have biometric access controls, are always up to date with the latest technology. And use emergency power generators and disaster control. – All of this forms the basis of their business model. Without these high standards of security, cloud providers could not survive.
Deletion of Data
The (GDPR) General Data Protection Regulation regulates the handling and deleting sensitive company data, such as personal data. In addition to the technical deletion procedures, organizational processes are essential so that data subjects’ rights can be observed. Compliance with data deletion is a special obligation, especially for the company’s data protection officer and those responsible.
However, statutory retention requirements should not be ignored. Various legal and contractual obligations can result in personal data being retained for a certain period of time. Only after this period does the obligation to delete the data take effect.
In Article 18 GDPR (right to restriction of processing), a data subject has the right to restriction of processing under certain conditions. For example, a customer requests that he no longer be contacted and that he be deleted from the database. However, since this customer’s statutory retention period has not yet expired, the master data cannot simply be deleted. In the master data, it should be possible to set the customer to inactive. So that, for example, he is no longer available in customer lists.
Secure deletion of data according to GDPR
Companies must store personal data in such a way that they can only identify a person for as long as it is needed for the processing purpose. This means that it is essential to explain the purpose of how you, as a company, process data. All other “supposed” purposes lead to inadmissible use of the data.
If this purpose no longer applies. For example, because something is statute-barred or the contractual relationship ends, the data must be deleted. But be careful! The legal requirements with regard to storage or documentation obligations must always be observed. Here it is good if the person responsible in the company or the data protection officer carefully checks whether the deletion is legal before the deletion.
Deletion of Data in the Cloud
Similar to the legally regulated deletion of sensitive personal company data, which is regulated in the GDPR, the principle of data economy anchored in the Federal Data Protection Act (BDSG) applies to cloud services. You should, therefore, delete data that is no longer required.
To delete data from cloud storage, many cloud services first store them in a virtual recycle bin. The data can be restored from this for a few days. Only after the final deletion will the data be irretrievably removed.
As there is no physical way to the data carriers with cloud storage, you have to trust the respective services, and they deleted your data after it was permanently deleted. You cannot verify that. So, play it safe and encrypt your data. Further information on deletion requirements can be found in the Federal Data Protection Act.
Also Read: Virtual Assistants: Do They Spy on us in our own Home?