A data access control method includes requesting, by the data owner unit, the generation of a data encryption key (DEK) from the manager unit, generating, by the manager unit, the DEK, generating, by the manager unit, the result of the Ciphertext Policy-Attribute Based Encryption (CP-ABE) of the DEK and a secret key used to decrypt the result of the CP-ABE encryption, and then responding, by the manager unit, to the data owner unit, obtaining, by the data owner unit, the DEK by performing the CP-ABE decryption of the result of the CP-ABE encryption using the secret key, encrypting, by the data owner unit, data with the obtained DEK, and uploading, by the data owner unit, the encrypted data and DEK information to the cloud.