Cloud contracts are essential for organisations using the cloud. Cloud computing is where an organisation or individual uses remote servers that are hosted on the internet to manage, store and process data. The role of technology in business operations is growing all the time and organisations need cloud contracts to manage cloud services.
The cloud has greater flexibility and storage capabilities and can be a more cost-effective storage method than a local server or personal computer. Your contracts need to be drafted to maximise these benefit and to meet legal compliance requirements.
Why do you need cloud contracts?
If your organisation is using the cloud, it is vital that there is a contract in place between the user and the provider of the cloud to regulate their relationship and avoid disputes. The law often by default places the responsibility on the user of cloud and the user can only pass on those responsibilities contractually by including them in the contract. Cloud compliance needs to cover data protection requirements and these should be clearly set out in your cloud contract. Articles 28.3 to 28.9 of the General Data Protection Regulation are very important in this regard. The parties involved need clear, compliant contracts that outline the responsibilities of each of the parties in respect of data protection and cloud compliance. Cloud contracts are an important element of the IT contracts in your organisation.
We have developed a unique guide to using the cloud, cloud computing and how to manage your cloud contracts. The guide will take you from the basics to the more technical areas. It is an essential tool if you are using cloud services in your organisation.
Key Issues in Cloud Contracts
These are some of them:
- When there are problems, how quickly must the provider respond and then resolve the issue?
- What is your remedy for breach?
- Does the provider warrant the security of the cloud and indemnify you?
- What liability does the provider accept?
The rest are set out in our Cloud Contracts Guide.
Data Protection Law Requires Certain clauses in Contracts
Data protection laws classify people and organisations as operators and responsible parties, or data controllers and processors (in Europe). They have different titles in different countries but they perform the same functions. The responsible party or data controller determines the purpose and manner of processing of personal information. Operators or processors are organisations who process personal information for a responsible party under a contract or mandate. So, cloud providers are usually operators. It is the responsible party that must ensure that the manner of processing is secure and legally compliant by using cloud contracts. This a key step in cloud compliance. Essentially, the responsible party will enter into a contract with the cloud provider requiring them to process personal information at the standard required by the data protection law. From a cloud provider perspective they must only process personal information with knowledge and authorisation of the responsible party. Additionally, the data subject can consent to have their personal information stored by the cloud provider.
Actions you can take
- Find out all the necessary information on cloud contracts and compliance by buying our Cloud Contracts Guide.
- Regulate the relationship between a cloud provider and user by asking us to draft a cloud contract.
- Consider a cloud contract presented to you by someone by asking us to review or negotiate it.
- Find out more about Cloud Compliance.