Fair Principle 1: Vendors shall fulfil existing regulatory obligations

Fair Principle 1: Vendors shall fulfil existing regulatory obligations

2022-06-16 NB Fair Principles 01B6/16/22, 3:34 PM

Business users associations Beltug, Voice, Cigref and CIO Platform Nederland call for a balanced cloud market: 11 fair principles to unleash Europe’s digital potential. Fair principle 1 calls for every vendor to fulfil existing regulatory obligations.

"Data is the new oil" and all companies are digitally transforming to create value in their own way in the new data economy. Data must be able to flow in a transparent way between vendors and users, but all this must be done according to a number of rules that are respected by all involved.

Europe is taking the lead in this global challenge by developing a regulatory framework around fair access to and use of data. This Data Act is an opportunity to free up inter-company data sharing and is complementary to other existing or planned regulations, notably: the GDPR, the Digital Services Act (DSA), the Digital Markets Act (DMA) and the Artificial Intelligence Act.

GDPR was published in 2016 to protect the privacy of people and came into force in 2018. Under the GDPR, protection of personal data is guaranteed by all parties involved in the processing of these personal data. The vendor must fulfil its duties as processor and/or controller, adhere to contractually agreed location of data processing (including hosting or remote support), etc… Business users need to be able to trust their vendors and must be sure that the software used or the services offered by their cloud provider are GDPR compliant. In the same way as ISO 9000 is already for years a criterium for quality, GDPR compliance must guarantee to the (business) user that the product or service  used will adequately protect the personal data stored or processed. For this, all vendors must take their responsibilities. Vendors that work in a certain industry, geography or regulatory environment shall comply with applicable regulations. Vendors shall take responsibility for the data they manage, or their software product processes, on behalf of the customer in such a way that customers can comply with regulations they are subject to.

Today, the national Data Protection Authorities enforce the GDPR process and monitor the compliance. In many countries this already caused discussions and legal proceedings. Unfortunately, in 2022 (4 years after the activation), some providers still do not respect the GDPR framework or - worse - continue to dispute it with all possible efforts. The larger and more dominant vendors are, the longer they protect their position and business model, and the slower they apparently adhere to the regulatory framework of an open innovation system with respect for all stakeholders. Therefore, the question remains; will they respect and apply the new EU regulations coming such as Digital Services Act (DSA), Digital Markets Act (DMA), the Artificial Intelligence Act to ensure that Europe can continue to innovate and stay competitive in this global market? And how will business users be sure their providers, products and services do actually comply?

We summarize all these concerns with a first fair principle which is also the simplest. Big or small, European or non-European, software company or cloud provider … if you want to do business in the European data economy you must follow the EU rules; every vendor shall fulfill existing regulatory obligations.

4-assoc logo 2022-06


11 Fair Principles

« Back

More news

Digital skills crucial in education or not?

2023-06-01 | NB | Digitale vaardigheden wel of niet cruciaal in het onderwijs6/1/23, 3:39 PM Prior to the Whitsun weekend, two motions were announced in the Dutch House of Representatives that concerned the place of digital literacy in primary and secondary education full story

Digital literacy is a crucial basic skill

2023-06-01 | NB | Digitale vaardigheden wel of niet cruciaal in het onderwijs5/26/23, 4:58 PM In a world where digital technology is becoming increasingly important, in almost all social, societal and economic processes, having sufficient knowledge to handle it properly is crucial. Being able to develop, maintain and deploy this technology properly and safely, understanding what it can be used for, and what it cannot be used for and how to do so efficiently, is necessary in this regard, also to avoid major problems. This is where the economic opportunities of the future lie. full story

Meryem El Bouyahyaoui new board member for Diversity & Inclusion

Meryem El Bouyahyaoui - CIBG - 20235/15/23, 1:40 PM CIO Platform Nederland welcomes Meryem El Bouyahyaoui (CIO at CIBG) as new board member for the portfolio of Diversity & Inclusion. This vacancy arose due to a new career opportunity of Britt van den Berg (until recently CIO at SVB). full story

CIO Platform Nederland signs inclusion pact VIP-IT to increase labour participation of visually impaired persons within IT

2023-05-12 | NB |  Inclusiepact VIP-IT5/13/23, 1:52 PM On May 12th, several parties, including CIO Platform Nederland, signed the inclusion pact VIP-IT, at the location of Hogeschool van Amsterdam (HvA) in Hilversum. The project team from the HvA, the Bartiméus Fund and Incluvisie shared the steps in the project plan with the aim of getting more visually impaired people (VIPs) employed in IT. full story

View all news items through the archive

Close