Cloud solutions and data protection – do you comply with legislation?
Data protection legislation can be difficult to understand, and if you are using cloud solutions, another link will be added to the processing and storage of data – especially if the cloud solution is placed abroad. A new tool makes it easier for businesses to assess whether they meet the requirements.
Over time, cloud solutions have become more mature and popular with the businesses given their cost-effective structure, scalability, and flexibility, and today, many are typically using one or more cloud solutions in the IT infrastructure, platforms or services of the business.
All businesses should consider the data protection requirements that accompany the processing of data – the data security of the business, the rights of registered persons, and possible subcontractors’ processing of data – but when you are using cloud solutions, it is also important to ascertain whether data is transferred to foreign countries. Because even in Europe there are small, but crucial differences in the legislation.
It is expected that even after the new European personal data regulation has entered into force on 25 May 2018, there will be differences between countries. Thus, we advise all businesses using cloud solutions to check whether they meet Danish as well as local legislative requirements.
Read more about the new European personal data regulation and how to avoid fines when it enters into force: The personal data regulation: Get going – and avoid fines.
Cloud Privacy Check: Gain clarification by four questions
Cloud Privacy Check (CPC) is an online tool, simplifying the business’s work with data protection legislation by providing a quick and detailed overview of whether the business meets the requirements of data protection.
By answering either ”yes” or ”no” to four questions regarding the business’s processing of data – for example the processing of personal data and third party access – the tool clarifies which of the below legal contracts needs to be in place for the business to comply with legislation.
- Service contract between the cloud service provider and the cloud service customer
- Data processing contract
- Standard EU contract with the cloud service provider
- Precautions when involving subcontractors
- Transparency notice to the cloud service customer
You can find the Danish tool here: Cloud Privacy Check – Get Started – where the legal contracts are further explained.
Would you like to know more?
If you have any questions regarding cloud solutions and data protection both prior to and after having used the tool, you are welcome to contact Attorney Claas Thöle on firstname.lastname@example.org or by telephone (+45) 77 40 11 65.
You can also find more information on the subject on the Cloud Privacy Check website, where you can order a brochure and a whitepaper on Cloud Computing and Data Protection (in English or German).
Facts about Cloud Privacy Check (CPC)
Lawyers from 33 European states have jointly created the tools Cloud Privacy Check (CPC), which make it easier and simpler to assess the requirements of data protection legislation and compare legislation across European borders.
NJORD Law Firm’s attorneys Claas Thöle, Peter Gustav Olson and Niels-Peter Kjølbye have been involved in creating the Danish contribution to the tool, whereas Attorney Dmitri Nikolaenko contributed to the Latvian version of the tool.