The emerging new EU data protection regulation requires that regardless of the location of the data centers a cloud service provider will have to comply with the EU data protection regulation if it provides services to EU citizens. Handling personal data in a legally compliant way is a very important factor for ensuring the trustworthiness of a cloud service provider. In this paper we present a software component called Contract Validation Service (ConVS) that validates digital contracts and helps to automate contract-based access to personal data. The paper then shows how an authorisation system can use the ConVS to automate legally compliant authorisation decisions from XACML format-ted EU Data Protection Derivative rules. Such automation in determining contract-based access decisions offers the potential to significantly reduce the effort of ensuring legal compliance of the cloud service providers.