Major Challenge: How to translate legal topics into technical implementation

GDPR is new in terms of construct; however, the topic of data protection has been around for quite some time, Dobromir Todorov, CEO at HeleCloud, says in an interview with Tim Rains, Cybersecurity & Compliance Regional Leader, EMEA at AWS, for the series “AWS In Conversation With”.

The UK Data Protection Act was established in 1998 and is in close alignment with European Directive 95/46/EC, which has been in place since 1995. GDPR, as well as the EU data protection regulation, have been legal topics which were and still are being addressed by lawyers around Europe for the last 20 years or so.

“Quite often the challenge that we see and have seen for many years now, is how such legal topics are translated into technical implementation, technical design and controls in place. Most of the time organisations need guidance for purposes of converting legal requirements into technical design and implementation,” Dobromir states.

Besides GDPR, a hot topic for organisations is security and compliance in general. The availability, confidentiality and integrity of data and services are very important for each and every organisation.

“Cloud is a relatively new paradigm, although it is already mainstream in terms of a delivery platform for many organisations. Some of them are more focused on the confidentiality aspects, where availability is very important for some of the mission-critical applications on the cloud platform. Others are still struggling to understand the security and compliance foundations of the cloud. Quite often we talk to customers and help them understand how the cloud can help them build solutions that protect the confidentiality, availability and integrity of their data on the AWS platform,” HeleCloud’s CEO adds.

HeleCloud advises its customers to take a journey to establish sound security and compliance, whereby they have confidence that the data is secure, the technical controls are in place, and the solutions are built with security and compliance in mind. Only then is it necessary to think about how they address specific security and compliance requirements like GDPR.

“I would never recommend organisations to consider GDPR in isolation from any other regulatory business compliance standards that they would be willing to adopt now and in the future. I think they need to build their compliance to be future-proof, and having sound security and compliance should be the number one priority”, Dobromir says.

AWS helps its customers by publishing whitepapers about GDPR, discussing in-depth how they can be compliant on the AWS platform and providing tools for purposes of achieving GDPR compliance.

“HeleCloud has a variety of different approaches when it comes to customers. Normally, we let them drive the process and we are engaged in several stages. When an organisation has already established its presence in the cloud and has its security and compliance standards implemented, HeleCloud assesses its security and compliance mainly from a general perspective but also in the context of GDPR, providing gap analysis and giving recommendations. When a new application or workload is needed, we help the organisation establish the security and compliance foundation through governance, architecture and secure implementation in the cloud”, he explains.

“The cloud is the future of every workload. I think we are going to see that in the next couple of years, and with that in mind organisations should be prepared to take the cloud journey, and GDPR is going to be part of that”, Dobromir affirms.

For further interesting trends, news and observations watch “AWS In Conversation With” HeleCloud.