Remediation and Redress Tool
What the tool offers
The Remediation and Redress Tool (RRT) targets individual data subjects who want to be made aware of any perceived incidents detected in the cloud environment that may have an impact on their personal data being collected and processed by provider operating in such environments. RRT facilitates provisioning of evidence to end users linking to incidents with an impact on their personal data and guides them through potential remediation actions in response to such incidents. RRT can be provided as part of the cloud service providers’ set of tools to demonstrate their commitment to accountability. By enabling their end users to facilitate immediate incident response on their device, the cloud service providers will be well prepared in fulfilling their obligations towards the General Data Protection Regulation (GDPR) with respect to the notification of end users and their ability to request for a remedy.
The tool innovation
RRT fills in a gap among the existing tools in the market creating benefits for both individual end users and cloud service providers. RRT contributes to end users’ empowerment by notifying them the incidents detected in the cloud with a direct impact on their privacy through a familiarised user interface and by supporting them in taking action in the occurrence of an incident in the cloud (simplifying filing complaints to DPAs, collection of evidence, etc.). Moreover, it assists cloud service providers in being more transparent regarding incidents, therefore, enabling them to comply with the obligations resulting from the GDPR. Through this way, the cloud service providers increase their transparency towards clients as they provide for incident notification and remedial options. Overall, RRT builds on the ex-ante effect of transparency and accountability, hence, fostering incident prevention in the cloud.
The unique proposition for RRT is that it increases end users’ capability in responding to data breaches and other incidents detected in the cloud. RRT enables end users to exercise their rights by providing them with proof of what has happened in the cloud that can be used to support claims before courts. This empowers the confidence of the cloud users in the use of cloud services, while giving them the opportunity to play a key role in the formulation of the cloud service market with respect to the sustainability of providers with poor performance on accountability and low compliance with the applicable legal framework. Furthermore, RRT can influence the interaction between individuals and the competent supervisory authorities by facilitating filing of complaints. The tool strengthens the confidence of the cloud customers and their clients in operating their business with specific cloud providers, who are able to demonstrate a responsible behaviour for the protection of individual’s privacy. The demonstration of the providers’ capability to implement alternative controls to mitigate privacy risks, when an incident has detected, can increase the trust of the cloud customers and users due to the enhanced commitment to remediation.