The date Friday May 25 2018 – when the EU General Data Protection Regulation (GDPR) finally becomes law – might well be seen as doomsday for many in the marketing sector but the big players in the cloud industry will be licking their lips at the prospect.
This is according to Kuan Hon, consultant lawyer at law firm Pinsent Masons, who claims GDPR is going to help the big players in the cloud industry to dominate even more, while the smaller firms will suffer.
Speaking at the Computing Cloud & Infrastructure Summit, Hon said that the GDPR will force companies into so much administration only large companies will see profit in cloud.
“It will be a big change for sub-processors,” said Hon. “Prior consent will be needed and notification of changes, as well as what they call a ‘terms flowdown’.
So, for example, you could have a contract with a software-as-a-service (SaaS) provider, which has to have certain minimum terms under GDPR.
“However, the SaaS providers’ contract with their own infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) provider also needs to have pretty much the same terms because that’s a requirement of GDPR. It’s really hard to know how far down the chain this has to go,” said Hon.
“This is not just cloud computing, this is all supply chains,” she added. “Because of the ‘flow down’ requirements it may be impossible for a cloud provider to actually comply with all of these requirements, unless they are one of the giants; one of the Amazons, Googles or Microsofts, because they control the supply chain and they can force these flowdown provisions.
“But if you’re a small SaaS provider, and you are trying to negotiate with Amazon, Google or Microsoft, it’s going to be hard to get them to accept these extra obligations. Some of them might, but it’s going to be difficult. So, really, I believe this is going to drive business towards the cloud giants who control their supply chain,” Hon concluded.