Cloud computing and GDPR requirements
Posted on in Intellectual Property
Using cloud computing for services such as HR, backup and customer relationship management (CRM) is becoming increasingly common but before selecting a provider it is vital to ensure the service complies with the General>The GDPR imposes restrictions on transfers of personal>organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the United States of America (limited to those participating in the Privacy Shield framework).
This makes using cloud computing which involves transferring>How to comply if the cloud stores>Appropriate safeguards in the cloud computing context requires at minimum a contract between the supplier and customer and/or supplier's subcontractor containing standard contractual clauses set down by the European Commission.
The purchaser of the cloud service will be the>and so the location of the provider is rarely the same as where the>Standard contractual clauses are likely to be the only means of achieving those appropriate safeguards in the context of a business purchasing cloud computing from a relatively small provider.
These standard contractual clauses must be in place between the cloud storage provider and its subcontractors, not just the customer and the cloud storage provider. This means it is vital to see the provider's sub-contracts before purchasing their services.
Important questions to ask before buying cloud software or storage
- Does the provider use its own servers or subcontractors' servers?
- In what country are those servers located?
- Can the cloud provider be certain that>If those servers are outside the EEA or a country with a current adequacy decision, what written contract is in place between the cloud provider and subcontractor, and if there is one, does it include the standard contractual clauses?
Find out more
If you would like any help or support then visit our dedicated Intellectual Property pages or contact our expert team.