The new data protection regulations, the impact on your cloud services and what both you and they need to do.
Big changes for data processors.
Third party processors, more often known to us as cloud service providers (CSPs) were not a consideration when the current data protection laws were written. As a consequence, they have very limited liability or obligation, often only governed by the commercial contract which typically focuses on the service elements such as up-time as opposed to the appropriate stewardship of data.
The GDPR imposes new direct compliance obligations on both controllers and processors, and both controllers and processors will face direct enforcement and serious penalties if they do not comply with GDPR. The majority of cloud service providers will be classed as processors if personal or sensitive personal data is in play.
To help enforce this, a new onus exists on CSP clients and service requestors to procure third party services that meet GDPR requirements when client or employee personal data is being processed.
What should we do to prepare?
Businesses should carefully review the requirements associated with appointing processors. In particular, it is advisable to review existing third party contracts and consider whether any amendments are required. Any new third party contracts should be drafted in accordance with the requirements of the GDPR.
Download this paper from 2twenty4 Consulting to learn more.