“Cloud computing is a model that allows ubiquitous and convenient access to the on-demand network to a common set of configurable COMPUT resources (for example. B networks, servers, memory, applications and services) that can be quickly made available and released with minimal administrative burden or interaction between service providers. The right to data portability is certainly applicable to private people in charge of processing, whereas, according to recital 68, the RGPD “should not, by its nature, object to the processing of personal data in the performance of its public service missions.” However, data portability depends on the availability of standards leading to interoperability. Therefore, SMEs should ensure that the PSC they have chosen uses interoperability standards that would make data portable at the request of those involved; As explained above, the latter obligation does not apply to the processing of personal data in the cloud in the course of its public service missions. Applicable law: With regard to applicable data protection legislation, the Regulation (EU) 2016/679 defines the territorial scope of Article 3. In particular, paragraph 1 of the Regulation stipulates that its provisions apply to the “processing of personal data in the context of the establishment activities of a processing manager or subcontractor in the EU, whether or not the treatment takes place in the Union”. Therefore, where the establishment of the processor (CSC) or data processor (usually the cloud service provider as a data processor) is in the EU, the provisions of the regulation apply. Select a cloud service provider that ensures compliance with EU data protection laws; verify whether the contract contains provisions to limit the liability of cloud service providers in the event of a breach of data protection rules; Commission`s services working paper on commission communication entitled “Unleashing the potential of cloud computing in Europe” Negotiating performance levels: some aspects of the CSP agreements, such as understanding latency times, the degree of consistency in data access, percentages of service availability, the idea of downtime when delivering services, scheduled downtime, etc., require the definition of clear performance indicators for its CSPs requirements, to ensure that CPs can meet their business needs. Understanding the non-service directive is as important to businesses as it is to basic diligence. Typically, a cloud computing service is offered on a pay-as-you-go or pay-per-use (for example) cost structure. B per virtual machine per hour, per gigabyte of memory per month and per active user each month).
As a result, the agreement should provide for the possibility of adding and eliminating resources, with a corresponding adjustment of service charges up and down.