Privacy Level Agreement (PLA)

Practical evaluation of a reference architecture for data protection agreement management. / Diamantopoulou, Vasiliki; Mouratidis, Haralambos.

PLA [V2] should be used as an annex to a cloud services contract and the level of privacy…

Yes, I have just made “privacy level agreements” on the ground, but I think the idea is valid. We have service levels because there are different requirements for compute infrastructure depending on what happens in your business. Even though companies collect all kinds of information about their customers, partners and employees, not everything is subject to the same strict rules for investigation, storage and disposal. There's a level of privacy. “What we need,” I said, “is to focus more on implementing privacy agreements that govern the use of data in a cloud environment.”

The goal is for cloud service providers to publish a Privacy Level Agreement (PLA) as an appendix to their service contracts, which sets out the data protection rules for each service. The standard form of these PLAs should make it easier for organizations to determine which services meet data protection and security requirements, both internal (“Is this a safe place for my data?”) and legal (“Is this in line with my legal obligations?”). It should also be easier to compare different services – the CSA suggests that providers can offer different PLAs for different services.

Compliance with data protection is increasingly risk-based. Processors and subcontractors are responsible for determining and implementing an adequate level of protection for the personal data they handle within their organizations.

In such a decision, they must take into account factors such as the state of the art; implementation costs; the nature, scope, context and purpose of processing; and the risk, of varying likelihood and severity, to the rights and freedoms of individuals. As a result, cloud service providers (CSPs) are responsible for self-determining the level of protection required for the personal data they process. In this scenario, the PLA Code of Conduct provided guidance for compliance with legislation and the necessary transparency regarding the level of data protection offered by the CSP.