Define the degree of autonomy left to the cloud service provider as a data processor in the choice of technical or organizational methods and measures; As part of the Service Level Agreement (SLA) obligations under the Cloud Computing Agreement, customers should receive written documentation of a vendor`s downtime and ensure that the window does not cause problems for the customer`s business. Customers can also require the provider to be proactive in detecting downtime by specifically asking the provider to monitor the “heartbeat” of all servers through automated pinging. This requirement should allow the provider to know very quickly that a server is failing without having to wait for a notification from the customer. Solutions to most of the problems identified in this document can change significantly depending on the delivery model (private, public or hybrid cloud computing) and the service model (SaaS, PaaS, IaaS). Member State Supervisors (SA) have divided the main privacy and privacy risks in the cloud into two categories: cloud service providers often contain clauses in contracts in which they retain the right to unilaterally change the cloud contract. However, the introduction of such technologies requires companies to enter into contractual agreements with cloud service providers that could be standardized (for example. B Amazon Web Services customer contract) or customer-friendly (especially when the customer uses large-scale cloud services). The negotiation of such agreements depends on the service provider. However, most cloud contracts are usually standard form contracts with pre-set terms.
These are also legal, thanks to Section 10A of the Information Technology Act, which grants them validity. In a TRADITIONAL LICENSING SOFTWARE or hardware purchase commitment, the supplier installs the software or equipment in the customer`s environment. Customers can set up software or hardware to meet their specific business requirements and maintain control over their data. In a cloud computing environment, software, hardware and customer data are hosted by the vendor, usually in a common environment (i.e. many customers per server), and the software and hardware configuration is much more seamless for all customers. As a result, the customer`s top priorities shift from configuration, implementation and acceptance to service availability, performance (i.e. service levels) and data security and control. However, provisions such as insurance, compensation, intellectual property, liability limitations and guarantees are also important.
One of the most important aspects of developing and negotiating a cloud computing agreement is the definition of appropriate service levels in terms of service availability and responsiveness. Since software and infrastructure are hosted by the supplier outside the customer`s control, service levels meet two main objectives: applicable law: with regard to existing data protection legislation, the Regulation (EU) 2016/679 defines the territorial scope of Article 3. In particular, paragraph 1 of the Regulation stipulates that its provisions apply to the “processing of personal data in the context of the establishment activities of a processing manager or subcontractor in the EU, whether or not the treatment takes place in the Union”. Therefore, where the establishment of the processor (CSC) or data processor (usually the cloud service provider as a data processor) is in the EU, the provisions of the regulation apply. The cloud computing agreement should require the customer to have exclusive control over the timing, content and method of such notification in the event of a breach of security or confidentiality and in the event of a breach of confidentiality and notification to customers or customers or the customer.