On 1 July, the Article 29 Data Protection Working Party adopted a new Opinion, which identifies common data protection risks associated with cloud computing and provides a ‘checklist’ of recommendations for ensuring compliance with data protection legislation.
The majority of risks identified in the Opinion fall into two broad categories – lack of control and lack of transparency about the processing activities being undertaken.
The Opinion helpfully sets out the types of issues which should be covered in any contract a data controller enters into with a service provider for cloud computing, including:
The Working Party also highlights the need for public sector organisations to take ‘special precautions’ over and above what would be expected of the private sector in relation to cloud computing. This includes carrying out an assessment of whether the processing and storage of data outside the UK may expose the security and privacy of data subjects to ‘unacceptable risks’. The Working Party notes that this type of assessment will be particularly important in respect of sensitive databases e.g. those that contain information about student disabilities or employees’ membership of trade unions.
As an interesting final point, the Working Party asks national governments and the European Union to consider whether the creation of a ‘supra-national virtual space’ might be appropriate to ensure that a consistent and harmonized set of rules apply to cloud computing in the public sector. I suspect however that this is just a pipeline dream for now.
A full copy of the Opinion is available here.
Guest contribution by
Sophie Burton-Jones, Solicitor
AltaFlux understands what you and your organization need to excel, and can deliver rapid innovation to unleash your full workforce potential. Together, we can empower your business by streamlining, transforming, and optimizing your key HCM and talent processes with industry-leading SAP SuccessFactors technology—enabling you to adapt at the speed of change.
AltaFlux Corporation is a global HCM cloud consulting partner based in Troy, Michigan. We empower organizations by streamlining, transforming, and optimizing key human capital management (HCM) processes with industry-leading HCM cloud solutions like SAP SuccessFactors, Benefitfocus, WorkForce Software and Dell Boomi.