VIEW: On the EU’s plans to investigate public sector transfers to the cloud

Public sector bodies involved in digital transformation projects in the EU may soon find themselves having to answer some awkward questions about data protection law.

Since many established cloud providers are based in the US the Schrems 2 decision was particularly frustrating for the many businesses (and public sector organisations) who had already embarked on schemes to transfer data to the cloud. It is thought that many organisations will have continued regardless – with few additional safeguards in place.

Starting last week the EDPB are investigating public sector compliance (within the EEA), with results due before the end of the year.

When transferring data to the US organisations should have carried out a Transfer Impact Assessment and sought to ensure that data that is transferred is anonymised, such that identities cannot be discovered without further information that is kept within the EEA (or UK). The investigation will reveal what precautions the EU considers to be ‘adequate’.

With the UK GDPR nearly identical to the EU GDPR the results are likely also to be relevant to UK based public bodies and business going through digital transformation projects. Any UK based business or public body going through a digital transformation process at the moment should be paying close attention to the results, due later this year.

    Share Story:


Cyber risk in the transportation industry
The connected nature of the transport and logistics industries makes them an attractive target for hackers, with potentially disruptive and costly consequences. Between June 2020 and June 2021, the transportation industry saw an 186% increase in weekly ransomware attacks. At the same time, regulations and cyber security standards are lacking – creating weak postures across the board. This podcast explores the key risks. Published April 2022.

Political risk: A fresh perspective
CIR’s editor, Deborah Ritchie speaks with head of PCS at Verisk, Tom Johansmeyer about the confluence of political, nat cat and pandemic risks in a world that is becoming an increasingly risky place in which to do business. Published February 2022.