by caffeine5150
2934 days ago
I'm an attorney leading (from a legal standpoint) a SaaS provider's GDPR compliance effort. There most definitely is an administrative burden (setting aside whether you think that burden is merited). The SaaS provider is acting as a processor for its business customers (so fewer obligations than if it were controller) and there are many admin requirements. The GDPR is an accountability framework and one must be prepared to demonstrate not just compliance but often how one got to the compliance decisions they landed on. One must maintain processing records, implement DPAs and a variety of other things. The GDPR is not a privacy law; it's a data protection and personal rights law, which is much broader.