So new rules / laws are coming in the EU.
Therefore companies hosting and/or having access to DATA with personal data.
Scroll down and you see DE and ENG sample contracts and info links: https://www.bitkom.org/Themen/Datenschutz-Sicherheit/Datenschutz/EU-DSGV...
FAQ DS-GVO (EN: FAQ - What to know about the General Data Protection Regulation (GDPR))
and also (EN: Processing of Personal Data in Third Countries)
This is what I meant before in a post / reply of mine: when giving others access to a server for support, better to have a kind of default contract for this?
FYI this is only a start and info, while it becomes very important to do it the right way; why, see in case of failure or not compliant >
The German BDSG set a moderate cap of 300 000 EUR per data protection
breach. The new fines of the GDPR can be much higher. Note that the GDPR refers to the
worldwide annual turnover of the company of the preceding financial year. According to
Recital 150 »company« shall be defined as in Article 101 and 102 TFEU. As those Articles are
also used in competition law, some scholars have interpreted that the level of fines
depends on the turnover of the »group of undertakings« and not only the responsible
entity (»controller«). However, the literal interpretation does allow for any conclusion. Note
that DPAs can also impose fines for several data protection breaches which can go beyond
the level of an individual data protection breach.
With these in MIND it could be handy to have an extra extended log view and backup of these logs for: security updates, when these are notified and when they are done, so an extended one and also with history versions and dates, and also ADMIN/root access logins and such kind of AUDIT reports for DATABASE access, which type of encryption is used, password rules and "forced" renewal and so on.