SaaS / Cloud Platform
You process other people's data? That changes everything.
SaaS platforms are data processors under GDPR and potential essential/important entities under NIS2. You need DPAs, incident response, and potentially sector-specific compliance.
Reality check
If your largest customer asked for your SOC 2 report and Data Processing Agreement today, could you deliver?
GDPR (General Data Protection Regulation)
Mandatory: Art. 28, Art. 30(2), Art. 32, Art. 33(2)
Your obligations
- Data Processing Agreement (Art. 28) for every customer
- Sub-processor management and notification
- Data breach notification to controllers without undue delay
- Technical and organisational measures documented (Art. 32)
- Data Protection Impact Assessment if high-risk processing
- Records of processing as processor (Art. 30(2))
What SiteGuardian monitors
- TLS/HTTPS encryption monitoring
- Automated cookie consent detection
- Security headers analysis
- Email transport encryption checks
- Breach notification SLA tracking (72h)
- Digital DPA/AVV signing
Risk if ignored
Loss of enterprise customers who require DPAs. Joint liability with controllers. Fines up to 4% of turnover.
NIS2 Directive (Cybersecurity)
Mandatory: Art. 21, Art. 23
Your obligations
- Cloud computing providers are essential entities
- Risk management measures (Art. 21) mandatory
- Incident reporting: 24h early warning, 72h notification
- Supply chain security for dependencies
- Management body accountability
What SiteGuardian monitors
- 24h early warning / 72h notification / 1-month final report SLA tracking
- DNSSEC and DNS security monitoring
- Security headers and TLS enforcement
- Uptime and availability monitoring
- Supply chain risk scoring
- Incident auto-classification (NIS2 Art. 23)
Risk if ignored
Cloud/SaaS providers explicitly in NIS2 scope. Fines up to €10M. Management personal liability.
Cyber Resilience Act (CRA)
Conditional: Art. 10, Art. 11, Art. 13
Your obligations
- Security by design for products with digital elements
- Vulnerability handling and disclosure obligations
- Security updates for the product's expected lifetime
- Software Bill of Materials (SBOM) provision
What SiteGuardian monitors
- TLS version and cipher suite monitoring
- Security headers enforcement checks
- Certificate chain and expiry validation
Risk if ignored
Products banned from EU market. Fines up to €15M or 2.5% of global turnover.
European Accessibility Act (EAA)
Mandatory: Art. 4, Art. 13, Art. 31
Your obligations
- WCAG 2.2 AA for all user-facing interfaces
- Accessible documentation and onboarding
- Alternative access methods for disabled users
What SiteGuardian monitors
- WCAG 2.2 Level AA conformance auditing
- Automated accessibility scoring
- Violation severity breakdown and remediation hints
- Daily accessibility scans
Risk if ignored
B2B SaaS used by employees is covered under the EAA. Public sector procurement requires accessibility.
Does this apply to you?
If you answer yes to 2 or more, these regulations very likely apply to your company.
Find out where you stand
Our free scanner checks your site's security posture: SSL, headers, e-mail authentication and more. No account required.
Scan your platform's security
This page provides general information on EU regulatory frameworks. It does not constitute legal advice. Consult a qualified legal professional for advice specific to your situation. SiteGuardian documents your monitoring on a continuous basis; compliance remains the responsibility of your organisation.