If you need HELP, SUPPORT or just have a GDPR question please call +44 (0) 208 133 2545 or email us at firstname.lastname@example.org.
Alternatively please visit our contact page
FREE GDPR Helpline
Call +44 (0) 208 133 2545
Big changes for data processors.
Third party processors, more often known to us as cloud service providers (CSPs) were not a consideration when the current data protection laws were written. As a consequence, they have very limited liability or obligation, often only governed by the commercial contract which typically focuses on the service elements such as up-time as opposed to the appropriate stewardship of data.
Why does this matter to cloud service providers?
The GDPR imposes new direct compliance obligations on both controllers and processors, and both controllers and processors will face direct enforcement and serious penalties if they do not comply with GDPR. The majority of cloud service providers will be classed as processors if personal or sensitive personal data is in play.
To help enforce this, a new onus exists on CSP clients and service requestors to procure third party services that meet GDPR requirements when client or employee personal data is being processed.