{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,18]],"date-time":"2025-12-18T09:16:15Z","timestamp":1766049375221,"version":"3.41.2"},"reference-count":15,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2020,6,8]],"date-time":"2020-06-08T00:00:00Z","timestamp":1591574400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2020,6,8]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>The purpose of this paper is to give a brief guidance on what a cloud provider should consider and what further actions to take to comply with General Data Protection Regulation (GDPR).<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>This paper presents in detail the requirements for GDPR compliance of cloud computing environments, presents the GDPR roles (data controller and data processor) in a cloud environment and discusses the applicability of GDPR compliance requirements for each cloud architecture (Infrastructure as a Service, Platform as a Service, Software as a Service), proposes countermeasures for satisfying the aforementioned requirements and demonstrates the applicability of the aforementioned requirements and countermeasures to a PaaS environment offering services for building, testing, deploying and managing applications through cloud managed data centers. The applicability of the method has been demonstrated on in a PaaS environment that offers services for building, testing, deploying and managing applications through cloud managed data centers.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>The results of the proposed GDPR compliance measures for cloud providers highlight the effort and criticality required from cloud providers to achieve compliance.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<\/jats:sec>","DOI":"10.1108\/ics-01-2020-0009","type":"journal-article","created":{"date-parts":[[2020,6,8]],"date-time":"2020-06-08T07:44:45Z","timestamp":1591602285000},"page":"665-680","source":"Crossref","is-referenced-by-count":7,"title":["GDPR compliance: proposed technical and organizational measures for cloud provider"],"prefix":"10.1108","volume":"28","author":[{"given":"Zafeiroula","family":"Georgiopoulou","sequence":"first","affiliation":[]},{"given":"Eleni-Laskarina","family":"Makri","sequence":"additional","affiliation":[]},{"given":"Costas","family":"Lambrinoudakis","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"article-title":"Navigating GDPR compliance on AWS","year":"2018","author":"Amazon Web Services","key":"key2020110313134804500_ref001"},{"article-title":"Guide to the general data protection regulation","year":"2017","author":"Bird and Bird","key":"key2020110313134804500_ref002"},{"key":"key2020110313134804500_ref003","unstructured":"Cloud Security Alliance (2017), \u201cCode of conduct for GDPR compliance\u201d, November, available at: https:\/\/downloads.cloudsecurityalliance.org\/assets\/research\/gdpr\/CSA_Code_of_Conduct_for_GDPR_Compliance.pdf"},{"article-title":"Data privacy in the cloud","year":"2018","author":"Deloitte","key":"key2020110313134804500_ref004"},{"key":"key2020110313134804500_ref005","unstructured":"European Parliament and of the Council (2016), \u201cThe European parliament and the council of the European union\u201d, available at: https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32016R0679&qid=1485368166820&from=en"},{"article-title":"General data protection Regulation (GDPR)","year":"2018","author":"Google Cloud Whitepaper","key":"key2020110313134804500_ref006"},{"article-title":"GDPR compliance: proposed technical and organizational measures for cloud providers","volume-title":"Proceedings of the 3rd In-ternational Workshop on SECurity and Privacy Requirements Engineering (SECPRE 2019), in conjunction with ESORICS 2019","year":"2019","key":"key2020110313134804500_ref06a"},{"key":"key2020110313134804500_ref007","unstructured":"Information Commissioner\u2019s Office (2018), \u201cChildren and the GDPR\u201d, available at: https:\/\/ico.org.uk\/media\/for-organisations\/guide-to-the-general-data-protection-regulation-gdpr\/children-and-the-gdpr-1-0.pdf (accessed 22 March 2018)."},{"article-title":"GDPR and codes of conduct in SaaS","year":"2019","author":"LexisNexis","key":"key2020110313134804500_ref008"},{"key":"key2020110313134804500_ref009","unstructured":"Microsoft (2019), \u201cSafeguard individual privacy with the Microsoft cloud\u201d, available at: www.microsoft.com\/en-us\/trust-center\/privacy\/gdpr-overview (accessed August 2019)."},{"article-title":"Contribution from the multistakeholder expert group to the stock-taking exercise of June 2019 on one year of GDPR application","year":"2019","author":"Multistakeholder Expert Group","key":"key2020110313134804500_ref010"},{"article-title":"The GDPR and its implications on cloud services","year":"2018","author":"Norm Barber","key":"key2020110313134804500_ref011"},{"article-title":"Oracle cloud infrastructure and the GDPR","year":"2019","author":"Oracle Cloud Infrastructure","key":"key2020110313134804500_ref012"},{"article-title":"Accelerate GDPR compliance with the Microsoft cloud","year":"2017","author":"Microsoft","key":"key2020110313134804500_ref013"},{"year":"2019","key":"key2020110313134804500_ref014","article-title":"The implication and challenges of GDPR\u2019s on cloud computing industry"}],"container-title":["Information &amp; Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2020-0009\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-01-2020-0009\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:22:38Z","timestamp":1753406558000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/28\/5\/665-680\/110941"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,6,8]]},"references-count":15,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2020,6,8]]}},"alternative-id":["10.1108\/ICS-01-2020-0009"],"URL":"https:\/\/doi.org\/10.1108\/ics-01-2020-0009","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"},{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2020,6,8]]}}}