In this post for Privacy Perspectives, Pinsent Masons Consultant Lawyer Kuan Hon warns, “Service providers, be afraid. Be very afraid. Especially—but not only—if you're an IaaS/PaaS cloud provider.” She is referring to the coming of the General Data Protection Regulation and the new obligations it may bring for service providers. “What's the big difference?” She writes, “Under the current Data Protection Directive, only data controllers—not processors—have obligations and liabilities under data protection laws”; yet in Parliament’s GDPR draft “a processor could get sued—even if the damage was the controller's fault—and the processor would then have to try to claim from the controller.” Where the text ends up will make all the difference.
If you want to comment on this post, you need to login.