Application of the Article 28 (3) of the General Data Protection Regulation in contemporary Software as a Service (“SaaS”) business.

2019

For the purposes of this thesis, regulatory requirements associated with the Data Processing Agreement (DPA) are subject to interpretation in the context of SaaS delivery models widely adopted by prominent SaaS providers. In addition, the author argues that, multiple parties processing personal data leads to problems in determining the correct processing role. Thereby, parties may struggle in meeting the requirements of Article 28 (3) of the General Data Protection Regulation (GDPR). Failure to ensure that processing is covered by the proper DPA is regarded as an infringement of the GDPR. For that reason, the thesis seeks to stress out complications associated with structuring DPA’s and pro…