Connect with us

Business

THE POTENTIALLY CATASTROPHIC EFFECT OF GDPR ON CLOUD MIGRATION – IF YOU HAVEN’T STARTED YET.

Dr Gavin Scruby,CIO,SmartDebit

Certain industries have significant restrictions on the way they process data. Some of the most common are defence, health, credit card and government. When these organisations process data, they have to comply with industry-specific regulations, which benefits us all. What some companies have not yet realised is that everyone now operates under a similar kind of regulation. This is of course the General Data Protection Regulation, most commonly referred to as GDPR, which now governs data protection across the EU. The UK government intends to write GDPR into UK law and stay largely parallel with the EU, so the caveats here will probably apply even in the case of a no-deal Brexit. While many people know that the GDPR affects how they should protect data, the breadth of impact on the data controller-processor relationship is often missed, and this can have catastrophic effects on business flexibility, and particularly on cloud migration.

Gavin Scruby

Before getting into the consequences of this and how they could be managed, it’s worth looking at what controller and processors are, to see how they affect nearly everyone who offers a service over the internet. If you have a website and you integrate a card payment service, you are a data controller – you decide what data you collect from your customers (card details and postcode), why it is processed (to make a card payment) and who processes it (the card payment processing company). While you are the controller, the card company is your processor – it processes data from your customers to enable credit card payments to happen. This kind of relationship is more common than many people may think. In any situation where a company provides a personal-data processing service to another company, that service company becomes a processor. It could be an online CRM service, a bookings service, an online document storage service, even a paper document library (as GDPR applies to printed information too) – almost anything where the service provided stores or processes personal data for another organisation creates a controller-processor relationship.

The difficulty now is that GDPR puts a lot more restrictions on what a processor can do without the controller’s consent, largely because the controller now has many more obligations to check and control how data that it collects is used. This is only fair; if you are liable for data you’ve collected, you should have some say in what is done with it when you subcontract it to someone else.

A key restriction, and the one we consider here, is within the GDPR’s Article 28 Paragraph 2: “The processor shall not engage another processor without prior specific or general written authorisation of the controller. In the case of general written authorisation, the processor shall inform the controller of any intended changes concerning the addition or replacement of other processors, thereby giving the controller the opportunity to object to such changes.”

The simple language interpretation of this is that as a processor, you can’t change your data subcontractors without explicit permission from your controllers (i.e. customers) – and that means all of them. This is difficult enough if you want to change standard suppliers, but the often neglected consequence is that it can also affect where you locate core data and whether you migrate to the cloud. Even if you rent rack space in a data centre (co-location hosting) and the data centre never “sees” unencrypted data, this is still classed as a sub- processor by the law. Consequently, any move to another data centre, or a migration to cloud, is considered a change in sub-processor, which therefore requires permission from all customers.

In practice, this could be extremely limiting. You would not want to attempt to arrange written authorisation from every customer when you want or need to move to the cloud. If nothing else, it could push back migration timescales by years. The most you would want to do is inform customers, with perhaps an early termination clause if they had a significant issue. This is not how contracts are being drafted, and not how the ICO recommends they are drafted. Standard clauses will be created by the EU or ICO in time, but these are not yet available. The ICO recommends contract terms of the form: before employing a sub-processor, the original processor must inform the controller and obtain its prior specific or general written authorisation. It is possible to draft contracts to contain general written authorisation or include clauses to allow early termination or assumed acceptance on non-response, but you’ll need professional legal advice to make these enforceable and legal such that they do not violate the GDPR.

The result of the introduction of the GDPR now means you need to do two things: firstly, make sure your own contracts are drafted to ensure maximum flexibility for you but in compliance with the law; and secondly, read sub-processor clause amendments made by customers very carefully. Here you need to discuss your specific circumstances with your legal advisors or industry body. If you just migrate to cloud without customer consent, you could fall foul of GDPR sub-processor limitations, and many more organisations and individuals are getting knowledgeable on their rights.

Don’t panic though. The GDPR has thrown up many situations like this and it is still very new, in case law terms. The GDPR is not intended to work in such a way as to stop dead industry-wide cloud adoption. Everyone is finding their way on these rules right now and the ICO seems to be taking a “carrot” rather than “stick” approach for those companies who are genuinely trying to improve data protection but still operate their businesses competitively. In time, consensus guidance will be developed, but until that time, we all have to be more careful about what we sign and even more careful about the contracts we write.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Business

FIVE REASONS WHY YOUR BUSINESS’ PROCUREMENT TEAM SHOULD BE USING A CONTRACT MANAGEMENT SYSTEM

By Daniel Ball, business development director at Wax Digital

 

Even in today’s digital-first environment some businesses are still storing documents, such as contracts, in filing cabinets making it labour intensive to retrieve, manage and even identify important paperwork. In fact, it is calculated that poor contract management practices are costing companies an average of nine percent of their annual revenues.

Moving to a contract management system online can speed up the retrieval process and help decrease the amount of time and resources required to manage contracts. Using a CMS companies can create an online database to centralise information and store documents. Not only does this help ensure contracts are well managed and kept up-to-date, but it can also help businesses save up to 20 percent of overall costs per year.

From legal departments overseeing regulation compliance to finance teams ensuring payment deadlines are met, contract management technology benefits many areas of an organisation. So, how can a good CMS help your procurement team?

 

Daniel Ball

How will a good CMS help your procurement team?

The number of suppliers your procurement team must oversee varies depending on the size of your business. It’s not uncommon for large enterprises to be working with thousands of suppliers at one time. A CMS will use automation to record, manage and streamline data, providing procurement teams with important contract details including time and location information, as well as real time alerts such as contract breaches.

Here are five reasons why your business should be using an online contract management platform:

  1. Increased spend visibility

Using a CMS can give procurement professionals full visibility of suppliers, including the company name and location of where a product is coming from and in what quantity. This transparency will also help contribute to the risk management strategy of your business as it enables you to spot vendors who may be prone to environmental, economic and political uncertainty. In the current environment, for example, suppliers’ may have decreased or ceased production due to COVID-19 or could have been heavily impacted by the negative price of oil, making visibility increasingly important for businesses.

 

  1. Eliminates maverick spend

Centralising and streamlining contract documents will ensure that buyers can instantly access up-to-date information to see if a contract already exists. This helps buyers avoid simple and common mistakes that often occur when using manual filing systems, such as onboarding new vendors when existing agreements are in place with another supplier.

 

  1. Keeps track of contract renewals

It’s easy to forget about contract renewals or sign up for another term without ending an existing agreement, especially when using a traditional filing system. Businesses using an online CMS can set up renewal alerts in advance, allowing buyers sufficient time to source new vendors or negotiate better prices.

 

  1. Improves spend management

A centralised database means that all negotiated prices, contract conditions and other important transactions can be accessed in one place, making it easier to analyse spend. A CMS can help identify discrepancies, find where contract violations have occurred and deal with any associated problems.

 

  1. Adhering to regulatory and legislative compliance

It’s important to ensure that all suppliers are meeting the terms of their contracts. A CMS will automatically audit supplier information, meaning that any failures are immediately raised to procurement teams. The platform will also provide notifications if any new data is required or updates need to be made, avoiding potential legal issues.

It’s clear that using an online CMS will benefit your business and procurement teams by increasing spend visibility, enabling access to up to date information, ensuring contracts are closely monitored while contributing to the reduction of unnecessary spend. So, now’s the time to stop relying on those dusty old filing cabinets and start using a CMS.

 

Continue Reading

Business

PROTECTING YOURSELF AGAINST A RECESSION

TRUSTS

James Turner, Director at Turner Little

 

The coronavirus outbreak has spread to businesses, leaving many around the world counting costs. Notoriously, known as the Great Lockdown, it’s been affecting the world economy since early this year. The predicted recession is considered to be the steepest economic downturn since the Great Depression.

So, what does that mean for you? James Turner, Director at company formation specialists, Turner Little, suggests “While there’s no fool proof way to ‘recession-proof’ your finances, establishing a solid base now will put you in a better position to weather the storm.”

“Whilst the future of the global economic landscape is simply too complex to predict, it’s not hard to spot imbalances that have built up, as central banks and governments around the world talk about introducing further fiscal stimulus and monetary expansion, the consequences could be significant,” adds James.

A good wealth management agent will recommend starting by saving a substantial cash emergency fund in a high-yield savings account, understanding your spending habits and where you could cut back if you needed to, and establishing your long-term investing strategy now, so you can stick to it.

 

Invest wisely

If you were to solely invest based on the inevitability of a recession, you are likely to miss returns that are immediately available. If you truly want to recession-proof your assets, the best thing to do is develop a long-term strategy and invest wisely.

 

Diversification still matters

It’s dangerous to pile all your investments into a single sector, including consumer staples. Diversification is especially important during a recession when particular companies and industries can get hammered. Creating a diversified portfolio of assets blended across asset classes—such as fixed income and commodities, in addition to equities, sectors, geographies and strategies—can also act as a check on portfolio losses.

 

Build a reserve

To keep your money protected before, during and after a recession, it’s recommended to have an income generation conversation with a financial advisor. This will cover a lot of different topics, but one of the most important is the emergency fund. You’ve likely heard many times that it’s good to have between three and six months’ worth of living expenses set aside in the event of a job loss, health crisis, or other unforeseen circumstance.

 

Protect your assets

If you’re interested in talking about protecting your assets and your investment portfolio, do get in touch. We specialise in creating bespoke solutions for individuals and businesses of all sizes. The knowledge and expertise of our specialists will be able to assist with any enquires, no matter how complex.

 

Continue Reading

Magazine

Partner Events

Trending

Finance2 days ago

AI: CUSTOMER FACING EMPLOYEES’ BEST FRIEND IN THE FINANCIAL SERVICES INDUSTRY

By Ryan Lester, Senior Director, Customer Experience Technologies at LogMeIn   We’ve all heard the old saying “money talks.” Well...

Banking2 days ago

HOW IDENTITY IS SECURELY UNLOCKING THE SME BANKING MARKET

By Mike Kiser, senior identity strategist at SailPoint   Have an identification card in your wallet? With a selfie and a...

Business3 days ago

FIVE REASONS WHY YOUR BUSINESS’ PROCUREMENT TEAM SHOULD BE USING A CONTRACT MANAGEMENT SYSTEM

By Daniel Ball, business development director at Wax Digital   Even in today’s digital-first environment some businesses are still storing...

Videos3 days ago

EXEGER – CHANGING THE PERCEPTION OF POWER

   

News3 days ago

FINASTRA GLOBAL SURVEY SHOWS APPETITE FOR OPEN BANKING PICKING UP PACE WORLDWIDE

86% of global banks surveyed are looking to use open APIs to enable Open Banking capabilities in the next 12...

Wealth Management3 days ago

STOCK MARKET ANALYSTS DISCUSS HOW TO INVEST DURING A RECESSION

Online tool looks back at how world markets recovered after the last recession in 2008 Analysts take learnings from previous...

TRUSTS TRUSTS
Business3 days ago

PROTECTING YOURSELF AGAINST A RECESSION

James Turner, Director at Turner Little   The coronavirus outbreak has spread to businesses, leaving many around the world counting...

News3 days ago

LIBERTY BANK REINFORCES ITS FRAUD STRATEGY TO FURTHER PROTECT ITS CUSTOMERS

Liberty Bank, the third largest bank in the Georgia, has reinforced its fraud strategy to address the rising volume of...

News3 days ago

COMMERCIAL FINANCE SPECIALIST IGF NAVIGATES THE LOCKDOWN

Leading independent commercial finance specialist, Independent Growth Finance (IGF), entered the lockdown after a record-breaking financial year came to an end in March. In April, it was accredited by...

News3 days ago

COVID-19 WILL BE THE TIPPING POINT FOR DIGITAL TRANSFORMATION IN PROCUREMENT

Seven in ten organisations in the UK say the global pandemic has increased the need for procurement to digitally transform...

News5 days ago

TRIO OF NEW REGIONAL DIRECTORS HEAD UP TIGERWIT’S GLOBAL EXPANSION

Following the release of their record revenue for the last financial year, award-winning online trading platform, TigerWit, has strengthened their...

Wealth Management5 days ago

SECURING THE EVIDENCE FOR VAT AND TAX

Filippa Jörnstedt, Senior Regulatory Counsel at Sovos   Businesses are almost entirely digital in their nature. With sophisticated technology now...

Finance5 days ago

TIPS TO PROTECT YOUR CASHFLOW DURING THE COVID-19 PANDEMIC

By Rita Cool, Certified Financial Planner at Alexander Forbes Financial Planning Consultants   The full impact of the COVID-19 pandemic is...

News5 days ago

RETAILERS WHO OPEN THEIR DOORS WILL NEED EXTRA HELP

With thousands of retail stores given the green light to open in the next few weeks the government needs to...

News5 days ago

LEADING BANK IN TURKEY USES ONESPAN’S MOBILE APP SECURITY SOLUTION TO HANDLE DOUBLING OF DEMAND FROM COVID-19

OneSpan’s scalability helps DenizBank protect millions of mobile banking users as the coronavirus pandemic drives massive increase in hacking attacks...

News5 days ago

KASKO PARTNERS WITH VIVIUM TO LAUNCH FULLY DIGITAL BIKE INSURANCE IN BELGIUM

Vivium, a member of the P&V Group, turned to the InsurTech provider to build an omni-channel and bilingual insurance product,...

News5 days ago

THE STRATEGIC ALLIANCE BETWEEN MINSAIT AND AURIGA WILL PROVIDE AN INNOVATIVE OMNICHANNEL PLATFORM FOR A SUPERIOR BANKING EXPERIENCE

Minsait, an Indra company, and Auriga have reached a strategic agreement that will strengthen their position in the digital transformation...

News5 days ago

INFORMAL PUBLIC TRANSPORT: FRONT-LINE MOBILITY HEROES

By Devin de Vries, CEO, Where Is My Transport    Every week, 5 billion commuters in emerging markets have no...

Finance1 week ago

FIXING THE FLAWS IN FINANCIAL SERVICES’ DATA MANAGEMENT

Simon Cole, CEO at Automated Intelligence, a cloud-based data compliance and governance solutions provider to the financial services sector, warns FS...

Business1 week ago

FROM MANUAL TO MACHINE LEARNING: HOW TO APPROACH THE RECONCILIATION ‘PROBLEM’

By Christian Nentwich, CEO at Duco   At the start of 2020, before the global coronavirus pandemic changed the world,...

Trending