European Union's General Data Protection Regulation (GDPR), set to kick off in May 2018, is going to help the big players in the cloud industry to dominate even more, while the little guy won't stand a chance. This is according to Kuan Hon, consultant lawyer at law firm Pinsent Masons.
Speaking at the Computing Cloud and Infrastructure Summit, Hon said that the GDPR will force companies into so much administration only large companies will see profit in cloud. "It will be a big change for sub-processors," said Hon. "Prior consent will be needed and notification of changes, as well as what they call a 'terms flowdown'.
So, for example, you could have a contract with a software-as-a-service (SaaS) provider, which has to have certain minimum terms under GDPR.
"However, the SaaS providers' contract with their own infrastructure-as-a-service (IaaS) or platform-as-a-service (PaaS) provider also needs to have pretty much the same terms because that's a requirement of GDPR. It's really hard to know how far down the chain this has to go," said Hon.
"This is not just cloud computing, this is all supply chains," she also said.
"Because of the 'flow down' requirements it may be impossible for a cloud provider to actually comply with all of these requirements, unless they are one of the giants; one of the Amazons, Googles or Microsofts, because they control the supply chain and they can force these flowdown provisions."
"But if you're a small SaaS provider, and you are trying to negotiate with Amazon, Google or Microsoft, it's going to be hard to get them to accept these extra obligations. Some of them might, but it's going to be difficult. So, really, I believe this is going to drive business towards the cloud giants who control their supply chain," she said.
Image Credit: Chaiyapop Bhumiwat / Shutterstock