SaaS / Cloud Platform
You process other people's data? That changes everything.
SaaS platforms are data processors under GDPR and potential essential/important entities under NIS2. You need DPAs, incident response, and potentially sector-specific compliance.
Reality check
If your largest customer asked for your SOC 2 report and Data Processing Agreement today, could you deliver?
GDPR (General Data Protection Regulation)
Mandatory: Art. 28, Art. 30(2), Art. 32, Art. 33(2)
Your obligations
- Data Processing Agreement (Art. 28) for every customer
- Sub-processor management and notification
- Data breach notification to controllers without undue delay
- Technical and organisational measures documented (Art. 32)
- Data Protection Impact Assessment if high-risk processing
- Records of processing as processor (Art. 30(2))
SiteGuardian monitors this
- TLS/HTTPS encryption monitoring
- Automated cookie consent detection
- Security headers analysis
- Email transport encryption checks
- Breach notification SLA tracking (72h)
- Digital DPA/AVV signing
Risk if ignored
Loss of enterprise customers who require DPAs. Joint liability with controllers. Fines up to 4% turnover.
NIS2 Directive (Cybersecurity)
Mandatory: Art. 21, Art. 23
Your obligations
- Cloud computing providers are essential entities
- Risk management measures (Art. 21) mandatory
- Incident reporting: 24h early warning, 72h notification
- Supply chain security for dependencies
- Management body accountability
SiteGuardian monitors this
- 24h/72h/1m incident reporting SLA
- DNSSEC and DNS security monitoring
- Security headers and TLS enforcement
- Uptime and availability monitoring
- Supply chain risk scoring
- Incident auto-classification (NIS2 Art. 23)
Risk if ignored
Cloud/SaaS providers explicitly in NIS2 scope. Fines up to €10M. Management personal liability.
Cyber Resilience Act (CRA)
Conditional: Art. 10, Art. 11, Art. 13
Your obligations
- Security by design for products with digital elements
- Vulnerability handling and disclosure obligations
- Security updates for the product's expected lifetime
- Software Bill of Materials (SBOM) provision
SiteGuardian monitors this
- TLS version and cipher suite monitoring
- Security headers enforcement checks
- Certificate chain and expiry validation
Risk if ignored
Products banned from EU market. Fines up to €15M or 2.5% of global turnover.
European Accessibility Act (EAA)
Mandatory: Art. 4, Art. 13, Art. 31
Your obligations
- WCAG 2.2 AA for all user-facing interfaces
- Accessible documentation and onboarding
- Alternative access methods for disabled users
SiteGuardian monitors this
- WCAG 2.2 Level AA conformance auditing
- Automated accessibility scoring
- Violation severity breakdown and remediation hints
- Daily accessibility scans
Risk if ignored
B2B SaaS used by employees covered under EAA. Public sector procurement requires accessibility.
Does this apply to you?
If you answer yes to 2 or more, these regulations very likely apply to your company.
Check where you stand
Our free scanner checks your site's security posture, SSL, headers, email authentication and more. No registration required.
Scan your platform's security
This page contains general information about EU regulatory frameworks. It does not constitute legal advice. Consult a qualified lawyer for advice tailored to your situation. SiteGuardian documents your monitoring on an ongoing basis; compliance remains your organisation's responsibility.