Vast amounts of personal information are processed in the cloud. But who is legally responsible for such ‘personal data’ in cloud environments? What duties do cloud providers like Amazon, Microsoft, and Google have? And what rights can you, as an individual, exercise under data protection law? If you’d like to find out, then this course is for you! First, we’ll look at how the European Union’s ‘General Data Protection Regulation’ (‘GDPR’) regulates the processing of personal data in cloud services. You’ll learn to identify controllers and processors, describe their roles and responsibilities, and understand how cloud customers and providers can comply in practice. Second, we’ll look at international transfers of personal data. We’ll explain how the GDPR can apply to cloud providers and their customers anywhere in the world, as well as how restrictions on international transfers apply to cloud services. Third, we’ll look at how the Network and Information Security (‘NIS’) Directive regulates the cybersecurity of critical infrastructure. You’ll learn to identify cloud providers’ duties to notify security breaches and to keep their services secure, and how to apply those duties to concrete case studies. In short, this course covers how the GDPR and NIS Directive apply to cloud services and what cloud providers and their customers should do to comply.