Legal Restraints and Security Requirements on Personal Data and Their Technical Implementation in Clouds

Cloud computing has emerged as the new trend in the IT industry. However, in order for the adopters of this technolo gy to be legally compliant with regard to the handling of personal data, a series o f actions must be undertaken. In this paper, we present the legal requirements that exist inside the EU with regard to transnational data transfer and storage. Based on t hese legal requirements, we then used the WS-Agreement standard to create correspond ing SLAs. Subsequently, we extended existing and well known technologies in or der to create a data management framework that is necessary from an Infrastructure Provider point of view, so that the latter can be considered as a trusted entity with r egard to data management. As a result, customers and Cloud providers using the pre sent d SLA and data management framework are able to be compliant with the legal requirements stipulated by the Data Protection Directive with re gard to transnational data transfers.