Thales Blog

Regional privacy but global clouds. How to manage this complexity?

May 31, 2022

Romain Deslorieux | Director, Strategic Partnerships | Thales

The UN Fundamental Declaration of Human Rights states: “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.”

More than 120 governments have already implemented data privacy regulation for that very purpose, as stated in Recital 1 of the EU's General Data Protection Regulation (GDPR).

I participated in the recent DPO Forum in Paris. Data Protection Officers expressed the difficulties they have in accomplishing their mission: to advise on and monitor compliance (as defined in GDPR Article 39).

With the acceleration of digital transformation and growing cyber threats, one thing is clear: privacy compliance has never been so important, yet so complex to achieve.

To that effect, TCS, a global leader in cyber security services, and Thales recently announced a partnership offering a one-stop solution for data privacy that organisations can leverage to manage this complexity and help reach compliance.

Accountability and delegated responsibility

In the digital era, organisations are accountable for the protection of the personal data they handle, to preserve the privacy of individuals: they are data controllers. When consuming cloud solutions, they delegate responsibilities to sub-contracting third parties (hyperscalers and cloud or application service providers): the data processors.

Data controllers are accountable to the persons (consumers, citizens) or other organisations (customers) they serve as part of their purpose. Cloud service providers, as data processors, are responsible for the actions they are contracted by controllers to deliver (data collection, modification, storage, transmission, deletion, etc.).

The accountability of data controllers cannot be transferred. GDPR Article 5 sets accountability as a principle of the regulation, its foundation, and defines it as an explicit responsibility of the controller, not the processors. Being accountable comes with the concept of being answerable, of being able to demonstrate compliance.

Implementing privacy

In a recent blog, Rob Elliss describes the digital sovereignty challenges that organisations must solve when adopting cloud services and ensuring data privacy.

How can organisations manage and enforce policies for different regulations (e.g. California, EU, India, Australia, China, etc.) on data processed across multiple clouds, each with its own constraints, whilst taking into account the business needs for scalability, agility, cost and time-to-market?

“Glocal” expertise, global and local.

Organisations face local regulations requiring knowledge in each region. Yet, as data might concern citizens from many parts of the world and is processed on trans-national cloud infrastructure, global vision and skills are also required.

Data is processed and needs protection in multiple cloud systems, each with its own specificities. Yet organisations need to manage that protection centrally to be able to control, audit and consolidate compliance reports across the hybrid IT.

This complex local data privacy landscape requires a holistic solution. To that effect, Thales joins forces with global trusted service providers to combine state-of-the-art data protection technology with excellence in delivering business outcomes.

TCS and Thales: trusted partners

The joint approach announced by TCS and Thales helps customers manage risk, accelerate cloud adoption, and meet data privacy and protection compliance requirements with a continuous-improvement agile methodology: Discover, Classify, Protect Data, and Review & Modify.

To learn more, contact us or visit our dedicated webpage on compliance.

One-stop solution