Data Protection for IT Service Providers and Cloud Services
Cloud computing provides efficient, flexible, and on-demand service over a network (usually the Internet), and it is almost impossible to imagine business today without the cloud. “Software as a Service”, “Platform as a Service”, and “Infrastructure as a Service” make computing power available everywhere without high acquisition costs or complex maintenance.
Various IT services, such as storage space and various cloud-based apps, are offered online by the provider. Companies no longer need to operate their own servers to store their data, for example, but can use capacity and services as required and be billed accordingly.
Your data – your responsibility. Even in the Cloud
What about Data Protection when it comes to cloud computing, though? If Personal Data is involved, Data Protection Regulations must be observed in full. Anyone who uses cloud services remains responsible for the data and must also ensure that they retain control over it.
Diverse legal challenges
The cloud harbors additional risks because different parties work together. To comply with Data Protection Law, cooperation arrangements and the corresponding data flows must be precisely coordinated and laid down in contracts. Cloud hosts must guarantee transparency, integrity and technical security of Data Processing to those affected in the “distant cloud”, which is only possible through individual contractual agreements with the provider. In particular, the following risks must be considered and dealt with:
Do you need an External Data Protection Officer?
Five steps to full service compliance:
Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.
We conduct a data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.
Document the current data protection status and define further required actions if necessary.
We carry out all necessary measures identified during the data protection audit.
Designation as External Data Protection Officer and ongoing consultation starting from day 1.
Cloud computing requires experience in international data protection
The cloud becomes complex in terms of Data Protection Law when the data cross national borders, and almost every cloud is international. Do you know exactly where the server is located that processes your customer or employee data? Technical and organizational Data Protection issues are particularly important when Personal Data leave the European Union (EU). International data flows to so-called third countries require additional contractual safeguards where the level of Data Protection in the third country is lower, which is often the case. Such arrangements are important to make digital expansion successful and exclude major risks.
Your partner for EU Standard Contractual Clauses and Binding Corporate Rules
Standard Contractual Clauses (SCC) of the EU Commission or Binding Corporate Rules (BCR) under Art. 46 GDPR can serve as the basis for data transfers via cloud services. When adding international subcontractors, the IT service provider must conclude suitable contracts for so-called Data Processing on behalf of the controller and observe the corresponding obligations to control these subcontractors.
Our service to you
How our legal experts help IT service providers and cloud-based services
As experts on Data Protection, we bring our knowledge to your projects in a sustainable manner and guide you safely through the requirements of cloud services. Our Expert Team has experience both as consultants for cloud providers and for companies working with a cloud, and we can support both sides with Data Protection Audits. We also ensure compliance with legal obligations, which strengthens the competitiveness of your company. Through risk analyses and Data Protection Audits, we reduce risks to a minimum.
If required, we can also act as an External DPO for you as an IT service provider or support your company’s Data Protection Officer with the compliant implementation of cloud computing. See our range of services for yourself and get in touch with us to arrange a non-binding appointment.
Cloud services and software as a service (SaaS)
IT companies providing software as a service (SaaS) via the cloud face special challenges when it comes to data protection. The GDPR demands that the default settings for software should lead to better data protection, and that the collection, storage, and processing of users’ personal data requires the informed consent of the data subject or another legal basis. In addition, the amount of collected personal data is limited by default, as is the scope of its processing. This helps to meet legal obligations. Our lawyers and data security experts can help you build a competitive advantage, strengthen customer relationships, and win new customers with professional data protection management.
Find out more about our individual legal services
Our Lawyers act as External Data Protection Officers (DPO) for small and medium-sized companies, associations, institutions and international corporations.
Working alongside a DPO, our Data Protection Managers help to implement data protection guidelines and ensure orderly and up-to-date documentation of your GDPR compliance.
Regular data protection audits ensure that your business continues to process and store personal data in a manner that’s compliant with ever-changing data protection laws.