Regulations on the cloud
1. Regulations on the cloud
Nice job on those exercises! In this video, we'll talk about the way local regulations and laws can affect an organization's cloud infrastructure. Let's begin with an example.
2. Example
Imagine a fictional social media company founded and based in the US. They started with a data center in the US, but as they grow their user base
3. Example
to international audiences, they add a data center in Europe and another one in South America and eventually
4. Example
one in Africa and one in Asia. Having servers spread out across the globe reduces latency. The greater the distance between two points, the longer it will take for data to get there. This delay between the moment data is transmitted and the moment it is received is known as latency. Having servers spread out across the globe reduces latency.
5. Example
This means that when someone accesses their account in Australia,
6. Example
their request will be sent to the nearest server, rather than a server in the US or South America. Let's say this Australian user just signed up for an account at this fictional social media company. That means her personal data was just sent outside of the borders of Australia. And here's where it can get tricky...
7. Example
Australia has regulations on how data should be processed and stored.
8. Example
There will be regulations on data wherever the data center is in Asia.
9. Example
And finally, the company will have another set of regulations it needs to follow in its home country.
10. General Data Protection Regulation (GDPR)
An example of a data privacy law is the European Union's General Data Protection Regulation, or GDPR. And that's a good example of the type of regulation I'm talking about because it regulates how personal data is collected, processed, and stored from users in the European Union. For example, before a company collects any data, they need to explicitly get consent. Companies also need to notify users of any data breaches in a timely manner. Personally identifiable information must be encrypted, anonymized, and/or pseudonymized when stored, depending on the scenario. And some regulations affect how data can be physically moved. For example, personal data can't leave EU borders unless the company can guarantee that the data will have the same level of protection wherever it may land outside the EU. Can you see how this affects cloud computing, where data can move to different servers around the world? There's a major incentive to comply with GDPR. The fine can be up to 20 million euros or 4% of the company's worldwide annual revenue - whichever is greater.
11. What is personal data?
A lot of these regulations talk about "Personal Data". What exactly does that mean? The European Commission defines it as any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. This includes home address, first name, last name, email address, location data, IP address, racial or ethnic origin, political opinions, sexual orientation, and health-related data. Some of these on their own may not identify a specific individual, but for example, if you combine all the location data of a given person, it can get much easier to identify who they are by where they spend the most time, like their home address. Personal data is often referred to as PII, which stands for personally identifiable information.
12. Other regulations
GDPR is the best-known data protection regulation because of its massive impact. Several countries followed suit to comply with aspects of GDPR so that data could more easily flow between borders. Here are a couple of other data protection laws, new and old, from other parts of the world, including Brazil, the United States, Japan, Thailand, and Canada. We can't go through each regulation in detail. The point is that it's crucial to check local regulations. Protocols may be different from country to country and can influence where companies choose to set up their data centers.
13. Let's practice!
Let's check your understanding!