Cloud contracts are essential for organisations using the cloud. Cloud computing is where an organisation or individual uses remote servers that are hosted on the internet to manage, store and process data. The role of technology in business operations is growing all the time and organisations need cloud contracts to manage cloud services. The cloud has greater flexibility and storage capabilities and can be a more cost-effective storage method than a local server or personal computer. Your contracts need to be drafted to maximise these benefits and to meet legal compliance requirements.

Cloud contracts include both standard and negotiated contracts. These are a subcategory of IT contract. Standard cloud contracts are often non-negotiable and the user has to either take them or leave them. Negotiated or bespoke contracts are often for a specific one-to-one relationship.

Why do you need cloud contracts?

If your organisation is using the cloud, it is vital that there is a contract in place between the user and the provider of the cloud to regulate their relationship and avoid disputes. The law often by default places the responsibility on the user of cloud and the user can only pass on those responsibilities contractually by including them in the contract. Cloud compliance needs to cover data protection requirements and these should be clearly set out in your cloud contract. Articles 28.3 to 28.9 of the General Data Protection Regulation are very important in this regard. The parties involved need clear, compliant contracts that outline the responsibilities of each of the parties in respect of data protection and cloud compliance. Cloud contracts are an important element of the  IT contracts in your organisation.

We have developed a unique guide to using the cloud, cloud computing and how to manage your cloud contracts. The guide will take you from the basics to the more technical areas. It is an essential tool if you are using cloud services in your organisation.

Key issues in cloud contracts

These are some of them:

  • When there are problems, how quickly must the provider respond and then resolve the issue?
  • What is your remedy for a breach?
  • Does the provider warrant the security of the cloud and indemnify you?
  • What liability does the provider accept?

The rest are set out in our Cloud Contracts Guide.

Data protection law requires certain clauses in cloud contracts

Data protection laws classify people and organisations as operators and responsible parties, or data controllers and processors (in Europe). They have different titles in different countries but they perform the same functions. The responsible party or data controller determines the purpose and manner of processing of personal information. Operators or processors are organisations who process personal information for a responsible party under a contract or mandate. So, cloud providers are usually operators. It is the responsible party that must ensure that the manner of processing is secure and legally compliant by using cloud contracts. This a key step in cloud compliance. Essentially, the responsible party will enter into a contract with the cloud provider requiring them to process personal information at the standard required by the data protection law. From a cloud provider perspective, they must only process personal information with knowledge and authorisation of the responsible party. Additionally, the data subject can consent to have their personal information stored by the cloud provider.

Actions cloud users can take

  • Manage the risks associated with standard cloud contracts with the big cloud providers by providing clients with a cloud contracts guide and a table of issues.
  • Regulate the relationship between a cloud provider and user by asking us to draft a cloud contract.
  • Consider a cloud contract presented to you by someone by asking us to review or negotiate it.
  • Find out more about cloud computing governance, risk and compliance, including cloud compliance.

Actions cloud providers can take

  • Find out about cloud contracts, the associated risks, what the law requires to be in them and how to draft them by buying our Cloud Contracts Guide.
  • Manage the relationship with your customers by asking us to draft your terms or contracts.
  • Regulate the relationship between a cloud provider and user by asking us to draft a cloud contract.
  • Find out more about cloud computing governance, risk and compliance, including cloud compliance.

Interested?

If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.