Cloud transformations require dynamic redistribution of resources across cloud infrastructure. From a legal perspective this movement of data from one data processor to another without the explicit consent of the data subject is a threat to data privacy. Levels of assurance and accountability have to be provided from the cloud infrastructure providers to the data subject in order to maintain trust. In cases of Cloud Transformation multiple providers are present and passing accountability down the chain is essential. Existing Service Level Agreements (SLA) and policy based privacy implementations fail to provide the flexibility and accountability needed in establishing these new relationships. By introducing combined risk and privacy assessment alongside SLA negotiation, the legal and data management implications of Cloud Transformation events can be better accounted for. This will better protect the privacy of data subjects and increase confidence and trust in the Cloud computing platform.