Joel Benavides, Senior Director Global Legal and Advocacy at cloud data host Box, explains how the General Data Protection Regulation (GDPR) will impact cloud-stored data. Benavides spoke with TechRepublic’s Dan Patterson about how Box helps protect its clients data, how the GDPR will affect cloud data security and how your company can best secure your cloud data.

The law is a European regulation that goes into effect in May 2018 and is designed to protect the privacy of European Union citizens by limiting where and how companies store data. The policy’s announcement spurred a number of technology companies to create regional data silos, each with its own set of unique challenges, said Benavides.

SEE: Research: Cloud vs. data center adoption rates, usage, and migration plans (Tech Pro Research)

Although the cloud can help preserve and protect your data, it comes with its own security challenges. Benavides first explained how Box, a cloud content management company, protects its customers data. The company holds data for over 75,000 customers for all types of companies and organizations ranging from government to manufacturing to health sciences.

Box aims to protect sensitive data stored in the cloud. “We have taken the highest road and we look at the highest bar for data protection and data privacy,” he said. “We have subscribed to the data privacy directorate and now to the GDPR that will be coming into effect in May 18.”

When deciding on cloud providers, Benavides recommends that business leaders ask themselves, “Who has the most resources to spend in protecting your data?”

Even large corporations that run their own data centers do not have an endless amount of resources to spend on protecting data. So, according to Benavides, it makes sense to take advantage of infrastructures because they include core security and compliance measures.

When it comes to making sure your company’s cloud data is secure and in compliance, there isn’t a one size fits all protocol, he said. Each company is different. Companies must take a comprehensive approach by looking at the service provider, and not just taking a control or certification that has been granted by a third party.

Benavides believes that regulations such as the GDPR are necessary, but that regulations must have practical application. The way to achieve that is by having dialogue with the parties that are both going to be affected, the ones who are in charge with protecting or operationalizing that regulations, and the regulators themselves who are going to be enforcing it.

Regulation can help stabilize the market. Large SMBs and enterprise companies can best secure their cloud data by engaging in communication and conducting tests to make sure their service provider delivers on the protection in place that they are advertising.

Educating your employees is also one of the most important things you can do for protection.

“If you have somebody who is always opening emails and drilling down on every link that they get, the chances … of that company getting attacked [are] 100%.”

SEE: IT leader’s guide to big data security (Tech Pro Research)

Read more TechRepublic stories about big data: