All parties will be signing up to the GDPR so everyone must demonstrate compliance
Cloud Service Providers (CSPs) of any size risk being hit with major fines if they fail to comply with the terms of the General Data Protection Regulation (GDPR). This is according to managed service provider The Bunker who argues that, irrespective of size and where they sit in the supply chain, CSPs need to have the relevant capabilities and security in their DNA if they wish to achieve and maintain full compliance.
The GDPR comes into effect on 25 May 2018 and is designed to better protect citizens' data and harmonise legislation across the EU. Speaking at the recent Cloud and Infrastructure Summit 2016, Data Protection expert Kuan Hon, stated that it may be near impossible for cloud computing companies to put the required terms and conditions on their suppliers, unless they are as large as the giant vendors such as Amazon, Google and Microsoft due to the degree of leverage they have over their supply chains. Instead responsibility will flow down the digital supply chain, putting a burden on smaller providers. This, she predicted, will leave the larger players to dominate Europe's cloud market.
Phil Bindley, CTO at The Bunker, believes that while there is only so far smaller companies can realistically perform due diligence along the supply chain, as these can be extremely extensive, company size will not be the determining factor for success in the European market. Instead, the defining business attribute will be having a culture of information security instilled within the business.
Bindley explains: "The GDPR is a heavyweight piece of legislation and will challenge cloud providers of all sizes, but it is much more onerous to comply with for those that don't have security in their DNA. It is likely that the herd will thin out over the next few years as...