The General Data Protection Regulation (GDPR), which becomes effective on 25 May 2018, is a great deal more far-reaching than several people are conscious of. This far reach can be particularly important to recognize for third party suppliers, like Cloud services suppliers. These suppliers might be influenced by the GDPR even when they don’t directly have any Europe centered customers.
The Influence of GDPR
GDPR is envisioned to assist bring some consistency to the method in which data safety is dealt with throughout the EU. However, it doesn’t just apply to EU based organizations and businesses. Any company which handles the private data of EU based people has to abide by the conditions of GDPR. Hence, what this has to do with Cloud facilities suppliers, including those that don’t have any Europe based customers?
The Duty of a Processor
As described in Article 82 of GDPR, data processors and data controllers now have a joint duty for the safety of private data. They are also together accountable for making sure that GDPR is complied with. This is unlike to what happened earlier when data managers had complete accountability.
Looking at this in connection with a Cloud facilities supplier. If they deliver facilities for a client which involves handling the private data of EU nationals they must abide by the conditions of GDPR. This applies irrespective of whether the customer is based in the European Union or not.
If the Cloud facilities supplier takes any action that’s not complying, they can be held directly responsible. Given the truth that data processors and controllers can be held equally responsible, as per GDPR, all agreements between the Cloud facilities supplier and the data controller must include provisions concerning this matter.
This is a substantial change for Cloud facilities suppliers and one which they can’t afford to take lightly. Non-compliance with GDPR can lead to the imposition of costly penalties.