Cloud-based service providers and data centre operators face major new responsibilities once the General Data Protection Regulation (GDPR) comes into force on May 25, 2018.
Previously cloud firms could defer responsibility for many security and anonymisation measures to their customers, but GDPR places direct obligations on any party designated as a data "processor" under the new regime.
For instance, processors will need to maintain records of data processing activities, cooperate with supervisory authorities and notify data protection breaches to controllers without undue delay.
Sarah Williamson, wrote in a recent article for DataCentre News that the stage is set for enhanced due diligence of security measures and significant contractual wrangling between parties that will need to clarify where responsibilities and liabilities lie.
The future impact of the regulation is huge and multi-million pound fines are at stake.
Boyes Turner’s experts can help organisations of all size navigate the impact of the GDPR – from data mapping, to gap analysis and risk assessment through to helping them consider the practical implications of the change in the law on a business’ processes and procedures.
Click here to learn more about the regulation and our approach to the regulation, including information on training courses, audits and reviews.
To find out more about how Boyes Turner can help you and your company with the upcoming GDPR changes please contact Sarah Williamson on [email protected]. If you would like to attend our next webinar aimed at marketers on 29 June please see here.
Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems we recommend that professional advice be sought.