From a compliance perspective, we advise organisations on how to safely move data to the cloud – particularly employee or customer data. We help them conduct due diligence on third party vendors, ideally as part of a standard Request for Proposal process, so that they can properly evaluate the data management and security processes in place.

Third-party risk

Increasingly, companies are moving their data to the cloud for reasons of cost efficiency and to benefit from the sophisticated security deployed by cloud providers. Trust is a key issue for customers when selecting service providers. While cloud technologies provide many benefits, there are also significant risks which can and should be minimised through appropriate contractual clauses. We work with clients to navigate this area effectively, and protect them by ensuring that their contracts are appropriate, robust and adequately minimise their risk.

As well as conducting due diligence on third party vendors, we help clients ensure that their contracts with vendors contain key provisions in terms of data protection and security management.

We also advise SaaS companies – as data processors – on product design and hosting customer data on cloud provider servers, including on the location of these data servers. Ensuring they can demonstrate robust privacy and security management will be key to attracting and retaining customers.