Cloud computing references all services based on architectures using grid technologies and virtualization which are accessible via the Internet or from another network.
The three types of Cloud services are the following:
- Infrastructure as a Service
- Platform as a Service
- Software as a Service
The storing of personal data is considered to be data processing, which means the processing must be compliant with the provision of the French Data Protection Act. The use of a Cloud service provider requires an evaluation of the overall risks inherent to:
- the subcontracting,
- the transfers of personal data outside the E.U.,
- the security of the information systems.
Data protection aims to prevent and manage risks such as:
- the transfers of personal data to third countries that do not guaranty an adequate level of protection for personal data in regards to what is provided within the E.U.;
- the lack of measures guaranteeing the confidentiality and security of the personal data;
- the lack of control over the chain of the subcontracting chain;
- the absence of data portability;
- breaches in the data isolation
- loss of control over the data
- absence of guarantees for the rights of individuals
