Privacy and Data Security Assessment for IT Vendor Services-strategic approach for Vendor IT Services analysis under GDPR

Abstract

The large loads in current systems, in terms of software and hardware, compel various institutions and organizations to purchase IT services such as software hosting, hardware and software infrastructure, and different equipment for data storage. All these requests for additional resources expose institutions and organizations to numerous risks that threaten privacy and data security. In order to provide secure services and prevent potential attacks, various institutions and organizations implement high standards to prevent data attacks and privacy violations. One of these standards is the GDPR (General Data Protection Regulation) - 2016/679, which has two versions: OJ L 119, 04.05.2016; cor. OJ L 127, 23.5.2018. This research identifies the largest services that are purchased, including the names of the sellers and the services. These services are classified into five categories based on the level of security they provide, which is controlled in terms of the harmonization between privacy and data security on the part of the service seller. The purpose of this paper is to emphasize the importance of GDPR in the selection of services purchased by both users and service providers.