Corona as the catalyst to digitalization
In the sights of the supervisory authority: processes, security precautions, data transfers, and responsibilities
More than 75 public sector institutions in the European Economic Area (EEA) are under scrutiny by the supervisory authorities, including those in the sectors of healthcare, finance, taxes, education, as well as central purchasers or providers of IT services. Their investigations into use of the cloud concentrate on:
- Implemented processes and safeguards
- International data transfers
- Provisions regulating the relationship between controller and processor
Should the data protection experts find glaring deficiencies in their investigations, this may lead to far-reaching consequences for the affected government agency. These include the additional costs incurred in modifying the implemented solution, service outages, and additional expenses for any change of provider.
The supervisory authorities intend to analyze the results of their investigations in a coordinated manner and consult on further enforcement measures. In addition, a report with the aggregated results is scheduled to be published before the end of 2022.