Cloud computing | Law governance risk compliance

//Cloud computing | Law governance risk compliance
Cloud computing | Law governance risk compliance2019-04-18T12:46:01+02:00
  • Cloud computing governance risk compliance

Cloud computing is one of those few technologies that has lived up to the hype. Cloud computing involves the delivery of computing resources as a utility service over the Internet. It involves the delivery of infrastructure, platforms and software “as a service”. It has brought huge efficiency and cost savings. But what about the governance, risk and compliance (GRC) aspects of cloud computing? They should not stop you using cloud computing but you should adequately address them.

Lawyers should be measured on what they lawfully enable and not what they stop.

Cloud computing legal issues or implications

  • Cloud governance – putting the correct governance framework in place. This is a subcategory of IT GRC.
  • Cloud risk management – how to govern the risks associated with cloud computing?
  • Cloud compliance, including data protection (or the protection of personal information), data sovereignty and data localization.
  • Cloud contracts, including standard and negotiated contracts. These are a subcategory of IT contract.
  • Data portability from one cloud to another, including on termination of a contract.
  • Cloud provider liability – when can the provider be held liable for their client’s data?
  • Ownership of information in clouds – the application of copyright law to cloud data.
  • Law enforcement access to data in clouds – interception of data in clouds.
  • Applicable law – what law applies to the cloud?

We do not focus on the use of cloud computing by law firms or the use of cloud computing for legal application. In this regard, you can read an Introduction to Cloud Computing Legal Implications for South African Law Firms drafted for the LSSA by Mark Heyink.

How we can help you

We have options for you to choose from, which complement one another and you may wish to switch between them at different times.

You can control cloud computing yourself by:

This option is best for those who want to keep the cost of compliance as low as possible. You can always start here and then move to one of the other options at a later stage if necessary. For example, empower yourself to manage governance, risk and compliance regards the cloud by attending our IT GRC workshop.

Some organisations want to comply with our guidance. You can achieve this by joining one of our programmes. Our self-paced programmes help you protect the personal data your organisation processes in a practical and effective way. We empower you and guide you through practical steps.  It is suitable for organisations who have an in-house legal or compliance team and who want to keep the costs of non-compliance down, by doing it themselves with guidance. For example, you can know what security the law requires you to put in place by joining our Information Security Regulation programme.

Some organisations want us to do what needs to be done for them by asking us to provide specific bespoke solutions. This option often complements the other two options. This is for organisations who want to go at their own pace or have individual specific needs. This is the most expensive option because we take action specifically for your organisation. If you’re interested, we can quote you a fixed price (on an as-and-when-needed basis) or agree a retainer.

Our Experience with cloud computing law

  • We have raised many people’s awareness of the legal issues regards cloud computing by presenting at many large public and private events (for example, the  ITWeb Cloud Summit).
  • We have helped organisations use data centres in various countries (like the Netherlands, Ireland, and the US) by advising them on how to do it lawfully.
  • We have enabled organisations to transfer data across borders lawfully by helping them put the necessary precautions in place.
  • We have helped organisations know when they can’t use cloud computing by identifying data localization laws in various countries.
  • We have provided clarity and legal certainty by researching and drafting legal opinions on the legal issues related to cloud computing.
  • We have empowered clients to control cloud computing by providing them with a legal framework for adopting and using cloud computing.
  • We have helped organisations manage the risks associated with standard cloud contracts with the big cloud providers by providing clients with a cloud contracts guide and a table of issues.
  • We have helped many cloud providers manage the relationship with their customers by drafting their terms or contracts.
  • We have helped hosting services providers deal with law enforcement interception requests by advising and drafting responses.

We have a more comprehensive list of the matters we have worked on that is available on request.

Our Clients

Our clients include both cloud providers (like ISPs, ECSPs, SaaS providers and those who provide hosting services) and the users of cloud computing (including organisations in the FMCG and financial services industries).

How you Benefit

  • Comply with the laws that apply to cloud computing that your organisation must comply with by putting the necessary controls in place.
  • Reduce the risks associated with cloud computing by knowing what they are and taking steps to manage them.
  • Fast track your efforts by accessing deep knowledge, expertise and experience.


If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.