Disclosing personal data for a purpose not known by data subjects is a practice that the 2018 EU General Data Protection Regulation (GDPR) is supposed to prevent. This article gives an overview of the major aspects of GDPR related to provision, use, and maintenance of cloud services and technologies, with the objective of representing effective guidance for companies during the process of complying with the new laws.
The article was written in collaboration between professors and associates of the faculties of Law and Computer Science of the Free University of Bolzano, and was accepted by IEEE for publication in the Nov/Dec 2018 issue.