Cloud computing—data protection
Cloud computing—data protection

The following TMT practice note provides comprehensive and up to date legal information covering:

  • Cloud computing—data protection
  • Brexit
  • Cloud computing and the GDPR
  • Guidance from supervisory bodies
  • Contract or other legal act
  • Meaning of processing and personal data under the GDPR
  • Controllers and processors
  • General obligations on customers (as controllers)
  • Specific obligations on customers (as controllers) under Article 28
  • Details of the processing
  • More...

STOP PRESS: On 7 September 2020 the EDPB published Guidelines 07/2020 on the concepts of controller and processor in the GDPR for consultation. Those (draft) guidelines include guidance on the relationships between controllers and processors, including requirements for contracts and that is otherwise relevant to the subject matter of this Practice Note. This Practice Note will be updated to reflect that development shortly.

This Practice Note on data protection and business-to-business cloud computing, including software as a service (SaaS), platform as a service (PaaS) and infrastructure as a service (IaaS) solutions, provides guidance on:

  1. the implications of Brexit for the subject matter of this Practice Note

  2. cloud computing and the GDPR

  3. general obligations on customers (as controllers)

  4. specific obligations on customers (as controllers) under Article 28

  5. international personal data transfers

  6. obligations on suppliers (as processors)

  7. sub-processing

  8. standard processing clauses, approved codes of conduct and certification schemes

  9. sanctions and enforcement

  10. considerations for cloud customers

  11. considerations for cloud suppliers

  12. negotiating cloud contracts

  13. other information laws

  14. overseas data protection laws

  15. conflict of laws and the US CLOUD Act

This Practice Note covers the law under the General Data Protection Regulation (the GDPR) regime as it applies in the UK.

As further explained below, in the context of cloud computing, the customer will generally be a controller and the supplier a processor. Unless stated otherwise, references to the supplier or to

Related documents:

Popular documents