Considering the Cloud Apps you don’t know about

By James Smith - Head of Architecture & Innovation at Cloud Technology Solutions.

GDPR has been covered at great length in the run-up to its May 25th enforcement date, with checklists, guides and whitepapers telling us what we need to do to stay compliant. This is all great, if your data is held and structured in one central place. But the rise of cloud-based app usage within organisations could certainly cause some difficulty with this.

The recent Netskope Cloud Report by the Cloud Industry Forum found that the average European enterprise business is using over 600 cloud apps. Whilst this covers the more obvious SaaS applications such as Salesforce and Expensify, it’s thought that organisations underestimate this figure by 90 per cent. Think teams setting up Dropbox to quickly share files for projects, or marketing agencies sharing large files with suppliers via WeTransfer.

This data fragmentation (caused by having hundreds of apps) creates an issue for anyone trying to ensure GDPR compliance within an organisation, as they are effectively unaware of 90 per cent of the applications their company uses and the types of data held within those platforms.

Platform Convergence
Centralisation of this data can be a major step forward for GDPR. Products like G Suite and Office 365 allow users to provide good business tools for their staff while also having the benefit of providing centralised controls, reports, alerts and visibility of the data being used across the organisation. This minimises the number of apps, contracts and data fragmentation while also providing users with powerful tools to get the job done.


Policy complementing technology
However, technology is only one part of the overall solution. Whether you have hundreds of applications or only a few, organisations also need to understand what other controls need to be implemented in order to ensure that they are compliant. This includes:

  • Understand Data Usage: When using cloud apps, organisations need to audit and understand what data they hold, where it came from, where it is held, what they do with that data, whether it’s shared and how it fits with their data policies.
  • Data Protection Policy, Business Processes and Procedures: Organisations need to ensure they have a data protection policy in addition to any required processes and procedures to ensure the information risk is being managed effectively.
  • Staff Training: Organisations must engage employees on what GDPR means for them in their day-to-day job and train them on the policies and procedures that they need to adhere to, to ensure the company remains compliant.


Organisations may need a GDPR Data Protection Officer to ensure the correct level of controls are in place and remain relevant.

The bottom line is organisations need to understand what PI data they hold, why they are holding it, how long they need to hold it for and how it’s being managed. This must be communicated to their customers and staff and, where appropriate, mechanisms must be put in place to remove the data should it be requested. Technology is not the only part of the solution. Policy and technology complement each other.

