Cloud accounting systems, the audit trail, forensics and the EU GDPR: how hard can it be?

George Weir, Andreas Aßmuth, Mark Whittington, Bob Duncan

Research output: Contribution to conferencePaperpeer-review

137 Downloads (Pure)


Ahead of the introduction of the EU General Data Privacy Regulation (GDPR), we consider some important unresolved issues with cloud computing, namely, the insecure cloud audit trail problem and the challenge of retaining cloud forensic evidence. Developing and enforcing good cloud security controls is an essential requirement for this is to succeed. The nature of cloud computing architecture can add additional problem layers for achieving cloud security to an already complex problem area. Historically, many corporates have struggled to identify when their systems have been breached, let alone understand which records have been accessed, modified, deleted or ex-filtrated from their systems. Often, there is no understanding as to who has perpetrated the breach, meaning it is difficult to quantify the risk to which they have been exposed. The GDPR seeks to improve this situation by requiring all breaches to be reported within 72 hours of an occurrence, including full identification of all records compromised, failing which the organisation could be subject to punitive levels of fines. We consider why this is such an important issue, identifying what desirable characteristics should be aimed for and propose a novel means of effectively and efficiently achieving these goals. We have identified a range of issues which need to be addressed to ensure a robust level of security and privacy can be achieved. We have addressed these issues in both the context of conventional cloud based systems, as well as in regard to addressing some of the many weaknesses inherent in the internet of things. We discuss how our proposed approach may help better address the identified key security issues.
Original languageEnglish
Number of pages6
Publication statusPublished - 10 Aug 2017
EventBritish Accounting & Finance Association (BAFA) Annual Conference 2017 - Heriot Watt University, Edinburgh, United Kingdom
Duration: 10 Apr 201712 Apr 2017


ConferenceBritish Accounting & Finance Association (BAFA) Annual Conference 2017
Country/TerritoryUnited Kingdom
Internet address


  • cloud security
  • privacy
  • cloud audit
  • cloud forensics
  • Internet of Things


Dive into the research topics of 'Cloud accounting systems, the audit trail, forensics and the EU GDPR: how hard can it be?'. Together they form a unique fingerprint.

Cite this