Skip Trinity Banner Navigation

Skip to main content »

Trinity College Dublin

Skip Main Navigation
IT Security
Secondary Navigation

Cloud Security


Data Protection and the Cloud

When seeking to store or process personal data which is subject to the Data Protection Act in the cloud the following issues apply:

  • Security - The Data Protection Acts (Section 2C (3)) place responsibility for data security squarely on the data controller who is accountable to the individual data subject for the safeguarding of their personal information. A data controller must therefore be satisfied that personal data will be secure if it is outsourced to a cloud provider.
  • Data Location - Personal data that is held within the European Economic Area (EU Member States plus Iceland , Liechtenstein and Norway ) benefits from a common standard of protection laid down at EU level. When data is transferred outside of the EEA, special measures must be taken to ensure that it continues to benefit from adequate protection.
  • Written Contract - Data protection law requires that there be a written contract with the cloud provider and any sub-processors to underpin the obligations as set out above. The contract should be clear on the key points outlined above: that the cloud provider – and any sub-processors used by the provider - will only process the data as instructed by the data controller; and that the contract includes detailed assurance by the cloud provider on security measures – including the additional measures that need to be taken to guarantee the security of personal data that is processed outside of the European Economic Area.

The IT Security Officer can assist you in assessing the security of a proposed cloud product. You can request assistance via the IT Service Desk.



Contact: | Sitemap | Last Updated: September 1, 2015