Session audio recording noted, survey mentioned.
Anonymised survey results will be published.
Summary of results so far, some structuring and seed ideas.
Commercial cloud providers are establishing UK based datacentres.
Transparency on precise terms & conditions for data egress charges ?
Encouragement to complete the survey…. URL is https://bit.ly/cloudlegal2016
EMBL – multi site/nation European organisation
Hybrid multi-cloud as strategic response to requirements.
Understanding costs, nature of data to be handled, and cloud options for handling.
Objective analyses of current use patterns, data categories, associated processing costs.
Results in a matrix of what can be done where.
Risk based analysis.
Comparison of cloud providers and associated capabilities.
Note the capability criteria…
Relative cost analyses
EMBL cloud tender for six month trial to explore these approaches and potential solutions.
Procurement lots are spread across several providers.
Contractual negotiations have been time-consuming (complexity)
Both Technical and policy issues
Data issues and requirements
Confidentiality, Integrity, Availability, Security, Ownership
Data protection compliance
Legislation – DPA, GDPR…etc.
Personal data – definition
NB deceased persons’ data excluded, except where data is relevant to living persons
Cloud providers – processors
Data localisation (geographic), and associated transfers between locales..
Data processing impact assessments before processing in cloud
Access controls, multi-factor
GDPR requirements for organisation responsibilities
Also obligations on processors – cloud providers
large fines for breaches
Standard and negotiated contracts
Terms and conditions..several areas highlighted