Public sector bodies involved in digital transformation projects in the EU may soon find themselves having to answer some awkward questions about data protection law.
Since many established cloud providers are based in the US the Schrems 2 decision was particularly frustrating for the many businesses (and public sector organisations) who had already embarked on schemes to transfer data to the cloud. It is thought that many organisations will have continued regardless – with few additional safeguards in place.
Starting last week the EDPB are investigating public sector compliance (within the EEA), with results due before the end of the year.
When transferring data to the US organisations should have carried out a Transfer Impact Assessment and sought to ensure that data that is transferred is anonymised, such that identities cannot be discovered without further information that is kept within the EEA (or UK). The investigation will reveal what precautions the EU considers to be ‘adequate’.
With the UK GDPR nearly identical to the EU GDPR the results are likely also to be relevant to UK based public bodies and business going through digital transformation projects. Any UK based business or public body going through a digital transformation process at the moment should be paying close attention to the results, due later this year.
Printed Copy:
Would you also like to receive CIR Magazine in print?
Data Use:
We will also send you our free daily email newsletters and other relevant communications, which you can opt out of at any time. Thank you.
YOU MIGHT ALSO LIKE