SaaS / Cloud Platform
You process other people's data? That changes everything.
SaaS platforms are data processors under GDPR and potential essential/important entities under NIS2. You need DPAs, incident response, and potentially sector-specific compliance.
Verificação da realidade
If your largest customer asked for your SOC 2 report and Data Processing Agreement today, could you deliver?
GDPR (General Data Protection Regulation)
mandatory Art. 28, Art. 30(2), Art. 32, Art. 33(2)As suas obrigações
- Data Processing Agreement (Art. 28) for every customer
- Sub-processor management and notification
- Data breach notification to controllers without undue delay
- Technical and organisational measures documented (Art. 32)
- Data Protection Impact Assessment if high-risk processing
- Records of processing as processor (Art. 30(2))
O SiteGuardian monitoriza isto
- TLS/HTTPS encryption monitoring
- Automated cookie consent detection
- Security headers analysis
- Email transport encryption checks
- Breach notification SLA tracking (72h)
- Digital DPA/AVV signing
Risco se ignorado
Loss of enterprise customers who require DPAs. Joint liability with controllers. Fines up to 4% turnover.
NIS2 Directive (Cybersecurity)
mandatory Art. 21, Art. 23As suas obrigações
- Cloud computing providers are essential entities
- Risk management measures (Art. 21) mandatory
- Incident reporting: 24h early warning, 72h notification
- Supply chain security for dependencies
- Management body accountability
O SiteGuardian monitoriza isto
- 24h/72h/1m incident reporting SLA
- DNSSEC and DNS security monitoring
- Security headers and TLS enforcement
- Uptime and availability monitoring
- Supply chain risk scoring
- Incident auto-classification (NIS2 Art. 23)
Risco se ignorado
Cloud/SaaS providers explicitly in NIS2 scope. Fines up to €10M. Management personal liability.
Cyber Resilience Act (CRA)
conditional Art. 10, Art. 11, Art. 13As suas obrigações
- Security by design for products with digital elements
- Vulnerability handling and disclosure obligations
- Security updates for the product's expected lifetime
- Software Bill of Materials (SBOM) provision
O SiteGuardian monitoriza isto
- TLS version and cipher suite monitoring
- Security headers enforcement checks
- Certificate chain and expiry validation
Risco se ignorado
Products banned from EU market. Fines up to €15M or 2.5% of global turnover.
European Accessibility Act (EAA)
mandatory Art. 4, Art. 13, Art. 31As suas obrigações
- WCAG 2.2 AA for all user-facing interfaces
- Accessible documentation and onboarding
- Alternative access methods for disabled users
O SiteGuardian monitoriza isto
- WCAG 2.2 Level AA conformance auditing
- Automated accessibility scoring
- Violation severity breakdown and remediation hints
- Daily accessibility scans
Risco se ignorado
B2B SaaS used by employees covered under EAA. Public sector procurement requires accessibility.
Isto aplica-se a si?
Se responder sim a 2 ou mais, estes regulamentos muito provavelmente aplicam-se ao seu negócio.
Veja onde está
O nosso scanner gratuito verifica a postura de segurança do seu site, SSL, cabeçalhos, autenticação de e-mail e mais. Sem necessidade de conta.
Scan your platform's securityEsta página fornece informações gerais sobre os quadros regulamentares da UE. Não constitui aconselhamento jurídico. Consulte um profissional jurídico qualificado para obter aconselhamento específico à sua situação. O SiteGuardian documenta a sua monitorização de forma contínua — a conformidade é da responsabilidade da sua organização.