The cloud platforms provide customers with technology and tools to protect their assets, including the most important one — data. At the time of writing, there’s a lot of debate about who’s responsible for protecting data, but generally, the company that is the legal owner of the data has to make sure that it’s compliant with (international) laws and standards. In the UK, companies have to adhere to the Data Protection Act, and in the European Union, all companies have to be compliant with the General Data Protection Regulation (GDPR).
Both the Data Protection Act and GDPR deal with privacy. International standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013 are security frameworks that cover data protection. These standards determine that all data must have an owner so that it’s clear who’s responsible for protecting the data. In short, the company that stores data on a cloud platform still owns that data and is therefore responsible for data protection.