Open Season on Service Providers? The General Data Protection Regulation Cometh…

Open Season on Service Providers? The General Data Protection Regulation Cometh…

Are you a service provider dealing with personal data? Be afraid. Be very afraid. Especially (but not only) if you’re an IaaS/PaaS cloud provider.

Kuan Hon explains...

Data controllers: be prepared. Your service providers (if well-advised) will want to negotiate or renegotiate your contracts.

Why? The General Data Protection Regulation (GDPR). This would make service providers and other data processors directly liable, across the European Economic Area, for security and certain other data protection-related matters. The EU institutions, each with their own version of the text and currently in horse-trading 'trilogue' negotiations, aim to agree and adopt GDPR by the end of 2015. That's not far off, in the scheme of things, although there should be a two-year lead time before the GDPR takes effect (directly) in all EEA Member States.

What's the big difference? Under the current Data Protection Directive 95/46/EC, only data controllers have obligations and liabilities under data protection laws, in most Member States (although in a few, such as Ireland, processors do have direct liabilities under national implementing laws). Controllers determine the purposes and means of processing personal data; processors are engaged by controllers to process personal data on their behalf, ie service providers. A controller must put in place a contract (processor agreement, or Article 17 agreement) with its processor, requiring the processor to process personal data only in accordance with the controller's instructions, and to implement certain security measures. The controller also has to ensure the

Subscription Form

Related Articles:
Latest Articles:

Already a subscriber? Login
RELX (UK) Limited, trading as LexisNexis, and our LexisNexis Legal & Professional group companies will contact you to confirm your email address. You can manage your communication preferences via our Preference Centre. You can learn more about how we handle your personal data and your rights by reviewing our  Privacy Policy.

Access this article and thousands of others like it free by subscribing to our blog.

Read full article

Already a subscriber? Login

About the author: