In the cloud?
It has become common in recent years for companies to outsource IT services. It is rare for a company not to have encountered remote management, hosting in an external data centre, colocation, cloud computing or Software-as-a-Service (SaaS). Compared with running IT in house, these options often present interesting opportunities, both financial and in management terms. But there are risks, too.
Almost all companies have data in their systems that is covered by the Personal Data Protection Act (Wbp). Many remote administrators, cloud services and SaaS providers will qualify as a processor of personal data within the meaning of the Wbp. It is not clear in all cases which countries these services operate from. The Wbp and the European regulations on which it is based impose requirements on processors. Those that operate in countries outside the European Union are likely to need a licence for processing personal data. The customer is responsible for compliance at all times.
Guaranteeing business continuity
The importance of having sound arrangements for outsourcing IT services is not concerned with privacy alone. There are other pitfalls to consider. If you outsource your IT, the contracts with the service providers must be drafted with great care. Bear in mind that without ICT the entire business will grind to a halt. It therefore makes sense to set up contracts with service providers that give the best possible guarantee of the continuity of your business. Some points to consider follow below.
What service is guaranteed, and for what period? An uptime of 99.9% sounds impressive, but in a year this could mean a continuous outage of 8.7 hours. Could you do without your IT system for that long? And if things go wrong, what losses will the service provider reimburse? General terms and conditions invariably exclude liability for consequential losses such as trading loss and loss of income. In practice, you will be lucky if these are your only losses when your IT systems fail. A Service Level Agreement (SLA) will often turn out to be a dead letter.
If you have a dispute with your hosting provider about liability for payment, the provider may be able to rely on the right of retention provided by law and refuse to release your servers until you pay whatever the provider, rightly or wrongly, thinks you owe. This gives a provider a powerful means of exerting pressure. It would be better to exclude rights to suspend performance, such as the right of retention, thereby enabling you to relocate your servers rapidly if needed.
Attachment of server
If you use colocation services, then you will be sharing the server with others. What if attachment is levied on the server under criminal or civil law, perhaps because of the suspicion that it contains material of a criminal nature or that infringes copyrights? You won’t then be able to access your data. How soon can your IT services be brought back on line, and what measures does your provider have in place to ensure this? What is your position in that case if the personal data for which you are responsible should fall into the wrong hands?
There are many other examples that could be given. The time taken to carefully arrange your contracts with IT service providers before you commit to them is therefore well spent. We advise and assist both IT service providers and their customers.
Godfried van Berkel
Attorney at law, corporate law
godfried.vanberkel@vmwtaxand.nl
There is additional information on privacy and how our various practice groups can be of assistance to you here.