GDPR Requirements for Cloud Suppliers

The General Data Protection Regulation (GDPR), which becomes effective on 25 May 2018, is far wider-reaching than many people are aware of. This reach is especially important for third-party providers, such as Cloud services providers, to recognize. These providers might be affected by the GDPR even when they do not directly have any Europe-based customers.


The Scope of GDPR


GDPR is intended to bring some consistency to the way data protection is handled across the EU. However, it does not apply only to EU-based companies and organizations. Any business that handles the personal data of people based in the EU must comply with the requirements of GDPR. So what does this have to do with Cloud services suppliers, including those that do not have any Europe-based clients?


The Role of a Processor


As described in Article 82 of GDPR, data controllers and data processors now have combined responsibility for the safety of personal data. They are also mutually accountable for making sure that GDPR is complied with. This differs from the earlier situation, in which data controllers had full responsibility.

Consider this in connection with a Cloud services supplier. If the supplier provides services for a customer that involve handling the personal data of EU residents, it must abide by the requirements of GDPR. This applies whether the customer is based in the EU or not.

If the Cloud services provider takes any action that does not comply, it can be held directly responsible. Because data controllers and processors might be held equally accountable under GDPR, all agreements between the data controller and the Cloud services provider must include provisions concerning this matter.

This is a substantial change for Cloud services providers, and one they can't afford to take lightly. Non-compliance with GDPR can lead to the imposition of exorbitant fines.