by GDPR Associates | 6th May 2017 5:04 pm
Big changes for data processors.
Third party processors, more often known to us as cloud service providers (CSPs) were not a consideration when the current data protection laws were written. As a consequence, they have very limited liability or obligation, often only governed by the commercial contract which typically focuses on the service elements such as up-time as opposed to the appropriate stewardship of data.
Why does this matter to cloud service providers?
The GDPR imposes new direct compliance obligations on both controllers and processors, and both controllers and processors will face direct enforcement and serious penalties if they do not comply with GDPR. The majority of cloud service providers will be classed as processors if personal or sensitive personal data is in play.
To help enforce this, a new onus exists on CSP clients and service requestors to procure third party services that meet GDPR requirements when client or employee personal data is being processed.Download the PDF
Source URL: https://www.gdpr.associates/gdpr-cloud-service-providers-essential-guide/
Copyright ©2020 GDPR Associates unless otherwise noted.