Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

Characteristics of the General Data Protection Regulation


A look at the new European Regulation which is bringing Data Protection law into the new century.

The GDPR came into being on the 27th April 2016 and incorporates principles already found in Directive 95/46/EC whilst also repealing the latter. It is an EU Regulation and therefore does not require domestic legislation to be in place in order to apply. The aim of the GDPR is to try and fill the various blind-spots in Directive 95/46/EC to make the law more relevant to the modern day. There are a few changes to existing data protection laws which are of note.

First is the right to restrict processing. This allows an individual to restrict the controller from processing some or all of their personal data for reasons like inaccuracy in the data processed or unlawful processing operations the subject has caught wind of. Secondly the GDPR incorporates the obligation that data protection needs to be a guiding principle for controllers throughout their activity (Privacy by Design and Default). This means that when a new business venture or process is being considered data protection has to be figured-in from beginning to end.

Furthermore, one major development in the GDPR is the acknowledgement of Binding Corporate Rules as a viable regulatory solution where an undertaking needs to process data with or through other bodies established outside the EU. This allows greater opportunities in compliance for organisations which may have branches outside of Europe.

Finally, regarding penalties, it is worth noting that depending on the nature of the breach of law, the maximum administrative penalty can be up to the higher of €20,000,000 or 4% of the controller’s worldwide annual turnover. Suffice it to say that data controllers would best take heed.


Article published by: Dr. Gege Gatt, Malta IT Law Association


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

CPC project office: Dr. Tobias Hö



53 lawyers from 33 countries are contributing to the project “Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start... Read More



The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.