No, the data protection shield is fully in effect. If you are certified under the Data Protection Shield, you are still bound by your obligations to both the Ministry of Commerce and all customers you have signed under this contract. Under the RGPD, SaaS suppliers face direct data processing obligations. They must ensure that their product agreements with customers comply with data requirements. Otherwise, customers, customers and local data protection authorities could impose infringements on them. Keep in mind that oral or written confirmation of RGPD compliance from your third-party suppliers is not enough. You must also have data processing agreements with each of your suppliers and subcontractors to get full compliance. With licensed software, a system integrator or implementation partner often obtains a copy of the software and then installs it on hardware controlled by its client. In most cases, the data is entirely under the control of the customer, so the data processing agreements have not been concluded. Therefore, if you are responsible for the data, update your product agreements to comply with the new rules. And for the processors out there, check with your SaaS suppliers to see if they`ve started taking the appropriate steps for compliance, and make sure your own team is fully prepared – if you want to share some of your preparation tips, shoot in the comments area below! SaaS suppliers and SaaS customers must ensure that all contractual documents containing data processing, such as SaaS agreements, privacy policies and hosting and support agreements, comply with the new RGPD and Dpa rules.
Since the General Data Protection Regulation (GDPR) came into force on 25 May 2018, SaaS suppliers and customers have been legally required to include a written data processing agreement (DPA) in their SaaS agreements. The data protection authority is generally a timetable for the SaaS agreement and must include the specific and detailed mandatory obligations set out in the RGPD. SaaS providers should use their own data protection authority and object to any attempt by a SaaS customer to have them registered on the SaaS customer`s privacy statement for the following reasons. First, data processors must sign data processing agreements with processors. A data processing agreement is a legally binding agreement (i.e. a contract) that clearly specifies each client`s responsibilities and expectations. In addition, it should contain a description of appropriate safeguards for data processing. A data processing agreement ensures not only compliance with the RGPD, but also the compliance of the third parties you work with.
Irene Bodle is an IT lawyer specializing in SaaS and has more than 14 years of experience in managing SaaS, cloud computing and IT law issues. If you need assistance with SaaS agreements, cloud computing issues or other IT law issues, please contact me at: Whatever conditions on the table, they must comply with the RGPD, for example. B of the SaaS Ts-Cs or SaaS agreements, saaS service level terms, platform privacy statement, hedging agreements on data processing contracts. Be careful not to mix the parts and their roles within the RGPD. Cloud service providers („CSPs“) now have a key responsibility as data processors and must act exclusively on the instruction of the data processor when processing personal data.
Neueste Kommentare