Re: First Victim?
No, no tin-foil hat!
Article 30 of the new EDPR states that any company storing data in the cloud will have to [in conjunction with the cloud provider] perform risk assessments on any [cloud] stored data. So both your company AND the cloud provider will have to do this on your companies data.
This can only significantly increase the workload (and therefore cost) on both the client and the storage provider. I doubt that people like Google, MS and Dropbox will offer free or at least very cheap storage to businesses when they have to perform risk assessments on everything that a [business] client stores on their system. If they do, that "loss leader" is about to become a huge loss leader, taking into consideration all the extra man hours necessary. Encryption is irrelevant as far as EDPR is concerned, as the Article 30 requirement is there regardless of encryption.
I'm not saying you are wrong - I'm just suggesting that with EDPR on the horizon this may be the first of many storage providers who will not have the funds or the manpower to be able to fulfil the upcoming legal requirements for business customers storing data in the cloud.