ARTICLE
1 February 2023

New Rules For Cloud Services – At Least In The Public Sector

SA
Schoenherr Attorneys at Law

Contributor

We are a full-service law firm with a footprint in Central and Eastern Europe providing local and international companies stellar advice. As the go-to legal advisor for complex commercial matters in the region, Schoenherr aims to use its proximity to industry leaders, in developing practical solutions for future challenges. We keep a close eye on trends and developments, which enables us to provide high quality legal advice that is straight to the point.
The European Data Protection Board (EDPB) has published a report on its coordinated enforcement activities in relation to the use of cloud-based services by public sector bodies.
European Union Privacy
To print this article, all you need is to be registered or login on Mondaq.com.

The European Data Protection Board (EDPB) has published a report on its coordinated enforcement activities in relation to the use of cloud-based services by public sector bodies. The report provides public authorities using cloud services with a set of recommendations ("Points of Attention"). Some background: in 2022, 22 data protection authorities across the European Economic Area (including the European Data Protection Supervisor) conducted coordinated investigations to examine how public bodies use cloud-based services. In total, around 100 public sector bodies were involved in the inquiries. They spanned the European institutions and different sectors, such as healthcare, finance, taxation, education, and providers and purchasers of IT services. The joint report is a summary of the findings of all enforcement authorities in the Coordinated Enforcement Framework. Although the specific investigations are still ongoing, the report provides guidance on how to check GDPR compliance when using cloud-based services – and not just for public authorities. Eight challenges identified by regulators during the Coordinated Enforcement Framework are given particular attention. These include pre-contractual issues related to conducting a data protection impact assessment (and/or risk assessment), as well as the role of parties and audit rights. Click here for more information.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More